projects
/
platform
/
upstream
/
rpm.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
3d717d5
)
Fix buffer overflow in verifyDSASignature()
author
Jindrich Novy
<jnovy@redhat.com>
Wed, 9 Apr 2008 08:10:17 +0000
(10:10 +0200)
committer
Jindrich Novy
<jnovy@redhat.com>
Wed, 9 Apr 2008 08:12:00 +0000
(10:12 +0200)
- caused by assumption that sizeof(size_t) is always 4 (credited to jbj)
lib/signature.c
patch
|
blob
|
history
diff --git
a/lib/signature.c
b/lib/signature.c
index
f1b5c00
..
61497b1
100644
(file)
--- a/
lib/signature.c
+++ b/
lib/signature.c
@@
-1266,12
+1266,13
@@
verifyDSASignature(rpmts ts, char ** msg,
if (sigp->version == 4) {
size_t nb = sigp->hashlen;
- uint8_t
trailer[6]
;
+ uint8_t
*trailer = xmalloc(2+sizeof(nb))
;
nb = htonl(nb);
trailer[0] = sigp->version;
trailer[1] = 0xff;
memcpy(trailer+2, &nb, sizeof(nb));
xx = rpmDigestUpdate(ctx, trailer, sizeof(trailer));
+ free(trailer);
}
xx = rpmDigestFinal(ctx, (void **)&dig->sha1, &dig->sha1len, 0);
(void) rpmswExit(rpmtsOp(ts, RPMTS_OP_DIGEST), sigp->hashlen);