[CVE-2014-3564] Fix possible realloc overflow for gpgsm and uiserver engines.
author Werner Koch <wk@gnupg.org>
Wed, 30 Jul 2014 09:04:55 +0000 (11:04 +0200)
committer DongHun Kwak <dh0128.kwak@samsung.com>
Tue, 9 Feb 2021 02:16:20 +0000 (11:16 +0900)
commit 9ef4d8d890939ad97e8fa1ea57209bff93a1a66f
tree 61bd83a292203bec1f054d5bb7e8fa12edc81b89
parent 020813a39ceb976ef3bb0c4ba4ae5c8c1fbd268e
[CVE-2014-3564] Fix possible realloc overflow for gpgsm and uiserver engines.

* src/engine-gpgsm.c (status_handler):
* src/engine-uiserver.c (status_handler):
--

After a realloc (realloc is also used for initial alloc) the allocated
size of the buffer is not correctly recorded.  Thus an overflow can be
introduced by receiving data with different line lengths in a specific
order.  This is not easily exploitable because libassuan constructs the
line.  However a crash has been reported and thus it might be possible
to construct an exploit.

Change-Id: I6d7bdc267f2e45be0ccd47fa4b68e0c358370e91
CVE-id: CVE-2014-3564
Reported-by: Tomáš Trnka
Signed-off-by: DongHun Kwak <dh0128.kwak@samsung.com>
src/engine-gpgsm.c
src/engine-uiserver.c
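The bug class the commit message describes, as an added example that is not gpgme's code and not part of this commit: a line accumulator whose recorded capacity drifts away from what realloc actually returned. The struct, the function names, the "increment instead of set" flaw and the emptying of the buffer between lines are assumptions made for illustration; the model tracks the true allocation size so the unsafe append is reported rather than performed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical line accumulator; names are illustrative, not gpgme's. */
struct linebuf {
    char  *data;
    size_t len;       /* bytes currently stored */
    size_t recorded;  /* capacity the code believes it has */
    size_t actual;    /* size last passed to realloc (ground truth) */
};
/* Append n bytes. Returns 0 on success, -1 on allocation failure or size
   wrap, 1 if the copy would pass the real allocation (copy is skipped). */
int lb_append(struct linebuf *b, const char *src, size_t n, int buggy)
{
    if (n >= (size_t)-1 - b->len) return -1;
    size_t need = b->len + n + 1;
    if (b->recorded < need) {
        char *p = realloc(b->data, need);   /* also the initial allocation */
        if (!p) return -1;
        b->data = p; b->actual = need;
        if (buggy) b->recorded += n + 1;    /* assumed flaw: size drifts upward */
        else       b->recorded = need;      /* record what was really allocated */
    }
    if (need > b->actual) return 1;         /* bookkeeping and reality disagree */
    memcpy(b->data + b->len, src, n);
    b->len += n;
    b->data[b->len] = '\0';
    return 0;
}
/* Feed constructed line lengths (each <= 256), emptying the buffer after
   every line; return the index of the first unsafe append, or -1. */
int first_unsafe(const size_t *lens, size_t count, int buggy)
{
    char src[256];
    struct linebuf b = {0};
    int hit = -1;
    memset(src, 'x', sizeof src);
    for (size_t i = 0; i < count && hit < 0; i++) {
        if (lb_append(&b, src, lens[i], buggy) == 1) hit = (int)i;
        b.len = 0;                          /* line consumed, allocation kept */
    }
    free(b.data);
    return hit;
}

int main(void)
{
    const size_t lens[] = {10, 20, 30};     /* constructed sample input */
    printf("buggy: %d, fixed: %d\n", first_unsafe(lens, 3, 1), first_unsafe(lens, 3, 0));
}
```

With equal line lengths the recorded and real sizes never diverge in this model, which is why such a defect can survive ordinary testing.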