projects / profile / ivi / eet.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d9f236c)
eet: properly check buffer size during decipher.
authorcedric <cedric>
Wed, 30 May 2012 02:19:07 +0000 (02:19 +0000)
committercedric <cedric@7cbeb6ba-43b4-40fd-8cce-4c39aea84d33>
Wed, 30 May 2012 02:19:07 +0000 (02:19 +0000)
Fix bug #1017.

git-svn-id: http://svn.enlightenment.org/svn/e/trunk/eet@71524 7cbeb6ba-43b4-40fd-8cce-4c39aea84d33

ChangeLog patch | blob | history
NEWS patch | blob | history
src/lib/eet_cipher.c patch | blob | history

diff --git a/ChangeLog b/ChangeLog
index 9df47e5..c862049 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -594,3 +594,7 @@
 2012-05-15  Cedric Bail
 
        * Make eet_dictionary thread safe.
+
+2012-05-30  Cedric Bail
+
+       * Check that gnutls and openssl don't return below zero size during decipher.
diff --git a/NEWS b/NEWS
index 5d11d3e..f7da97e 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -6,6 +6,7 @@ Changes since Eet 1.6.0:
 Fixes:
     * Force destruction of all pending file when shuting down eet.
     * Make eet_dictionary thread safe.
+    * Check that gnutls and openssl don't return below zero size during decipher.
 
 Eet 1.6.0
 
diff --git a/src/lib/eet_cipher.c b/src/lib/eet_cipher.c
index 2425e22..9441d8c 100644 (file)
--- a/src/lib/eet_cipher.c
+++ b/src/lib/eet_cipher.c
@@ -1219,7 +1219,7 @@ eet_decipher(const void   *data,
    /* Get the decrypted data size */
    tmp = *ret;
    tmp = ntohl(tmp);
-   if (tmp > tmp_len)
+   if (tmp > tmp_len || tmp <= 0)
      goto on_error;
 
    /* Update the return values */
Domain: UI Framework / Uncategorized;