Gentoo's Bugzilla – Attachment 418674 Details for Bug 567608
sys-auth/skey: out of bounds stack read
[patch] Patch for the patchset
0001-put.c-Avoid-out-of-bounds-stack-read.patch (text/plain), 4.75 KB, created by Ulrich Müller on 2015-12-06 15:57:56 UTC
>From 4b353a0c39d76a4b6a5bbd00c1d3eefd3b6d3f1a Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?Ulrich=20M=C3=BCller?= <ulm@gentoo.org> >Date: Sun, 6 Dec 2015 16:46:32 +0100 >Subject: [PATCH] put.c: Avoid out of bounds stack read. > >Revert btoe() to the OpenBSD version, in order to avoid reading >beyond array bounds. Thanks to Hanno Boeck. > >Bug: 567608 >--- > patchsets/skey/1.1.5/01_all_gentoo.patch | 34 ++++++++++++++----------- > patchsets/skey/1.1.5/06_all_binary-search.patch | 2 +- > 2 files changed, 20 insertions(+), 16 deletions(-) > >diff --git a/patchsets/skey/1.1.5/01_all_gentoo.patch b/patchsets/skey/1.1.5/01_all_gentoo.patch >index 0576ae2..ce3d2e6 100644 >--- a/patchsets/skey/1.1.5/01_all_gentoo.patch >+++ b/patchsets/skey/1.1.5/01_all_gentoo.patch >@@ -7,6 +7,10 @@ Updated skeyinfo.c and skey.3 from newer NetBSD version, which is > under a 2-clause BSD license. Removed some whitespace changes. > (05 Jan 2012) -ulm@gentoo.org > >+Revert btoe() to the OpenBSD version, in order to avoid reading >+beyond array bounds, bug 567608. >+ (05 Dec 2015) -hanno@gentoo.org >+ > --- skey-1.1.5.orig/CHANGES 2001-05-10 17:10:49.000000000 +0100 > +++ skey-1.1.5/CHANGES 2003-11-06 17:46:45.000000000 +0000 > @@ -1,6 +1,19 @@ >@@ -1036,7 +1040,7 @@ under a 2-clause BSD license. Removed some whitespace changes. > -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/skeyinfo.1 > -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/skeyinit.1 > --- skey-1.1.5.orig/put.c 2001-05-10 17:10:49.000000000 +0100 >-+++ skey-1.1.5/put.c 2003-11-06 17:46:45.000000000 +0000 >++++ skey-1.1.5/put.c 2015-12-05 22:25:30.513292266 +0000 > @@ -14,7 +14,7 @@ > #include <stdio.h> > #include <string.h> >@@ -1059,7 +1063,7 @@ under a 2-clause BSD license. Removed some whitespace changes. > "A", > "ABE", > "ACE", >-@@ -2079,19 +2079,13 @@ >+@@ -2079,10 +2079,7 @@ > /* Encode 8 bytes in 'c' as a string of English words. > * Returns a pointer to a static buffer > */ 
>@@ -1069,20 +1073,20 @@ under a 2-clause BSD license. Removed some whitespace changes. > - char *engout; > +char *btoe(char *engout, const char *c) > { >-- char cp[10]; /* add in room for the parity 2 bits + extract() slop */ >-+ char cp[9]; /* add in room for the parity 2 bits */ >+ char cp[10]; /* add in room for the parity 2 bits + extract() slop */ > int p, i; >- >+@@ -2090,8 +2087,8 @@ > engout[0] = '\0'; >-- >-- /* workaround for extract() reads beyond end of data */ >+ >+ /* workaround for extract() reads beyond end of data */ > - (void)memset(cp, 0, sizeof(cp)); > - (void)memcpy(cp, c, 8); >++ memset(cp, 0, sizeof(cp)); > + memcpy(cp, c, 8); > > /* compute parity */ > for (p = 0, i = 0; i < 64; i += 2) >-@@ -2099,20 +2093,20 @@ >+@@ -2099,20 +2096,20 @@ > > cp[8] = (char)p << 6; > >@@ -1115,7 +1119,7 @@ under a 2-clause BSD license. Removed some whitespace changes. > #endif > return(engout); > } >-@@ -2123,41 +2117,42 @@ >+@@ -2123,41 +2120,42 @@ > * -1 badly formed in put ie > 4 char word > * -2 words OK but parity is wrong > */ >@@ -1178,7 +1182,7 @@ under a 2-clause BSD license. Removed some whitespace changes. > > insert(b, v, p, 11); > } >-@@ -2167,55 +2162,47 @@ >+@@ -2167,55 +2165,47 @@ > p += extract (b, i, 2); > > if ((p & 3) != extract (b, 64, 2)) >@@ -1245,7 +1249,7 @@ under a 2-clause BSD license. Removed some whitespace changes. > { > int i, j; > >-@@ -2223,18 +2210,18 @@ >+@@ -2223,18 +2213,18 @@ > i = (low + high) / 2; > > if ((j = strncmp(w, Wp[i], 4)) == 0) >@@ -1270,7 +1274,7 @@ under a 2-clause BSD license. Removed some whitespace changes. > if (j < 0) > high = i; /* Search lower half */ > else >-@@ -2242,12 +2229,7 @@ >+@@ -2242,12 +2232,7 @@ > } > } > >@@ -1284,7 +1288,7 @@ under a 2-clause BSD license. Removed some whitespace changes. > { > unsigned char cl; > unsigned char cc; >-@@ -2261,25 +2243,28 @@ >+@@ -2261,25 +2246,28 @@ > assert(start + length <= 66); > > shift = ((8 - ((start + length) % 8)) % 8); 
>@@ -1320,7 +1324,7 @@ under a 2-clause BSD license. Removed some whitespace changes. > { > while (*word) { > if (!isascii(*word)) >-@@ -2297,11 +2282,7 @@ >+@@ -2297,11 +2285,7 @@ > } > > /* Extract 'length' bits from the char array 's' starting with bit 'start' */ >@@ -1333,7 +1337,7 @@ under a 2-clause BSD license. Removed some whitespace changes. > { > unsigned char cl; > unsigned char cc; >-@@ -2320,5 +2301,5 @@ >+@@ -2320,5 +2304,5 @@ > x = x >> (24 - (length + (start % 8))); > x = (x & (0xffff >> (16 - length))); > >diff --git a/patchsets/skey/1.1.5/06_all_binary-search.patch b/patchsets/skey/1.1.5/06_all_binary-search.patch >index 90e399c..923d41f 100644 >--- a/patchsets/skey/1.1.5/06_all_binary-search.patch >+++ b/patchsets/skey/1.1.5/06_all_binary-search.patch >@@ -2,7 +2,7 @@ Fix binary search. > > --- skey-1.1.5-orig/put.c > +++ skey-1.1.5/put.c >-@@ -2206,27 +2206,17 @@ >+@@ -2209,27 +2209,17 @@ > { > int i, j; > >-- >2.6.3 >
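Review bot: In the btoe() region of 01_all_gentoo.patch, the out-of-bounds read is avoided only on the caller side: `char cp[10]` and `memset(cp, 0, sizeof(cp))` restore the slop that the retained comment itself calls a "workaround for extract() reads beyond end of data". The visible tail of extract() is unchanged (`x = x >> (24 - (length + (start % 8)));`) and still shifts against a 24-bit window, which suggests a three-byte read regardless of `length`. Every other caller therefore has to supply the same padding; the `extract (b, 64, 2)` parity check visible in the `@@ -2167,55 +2165,47 @@` hunk starts at bit 64, so it is worth confirming that `b` is sized and zeroed with the same slop. Consider stating the buffer-size requirement in the comment above extract(), or bounding the reads there, so the guarantee does not rest on each caller remembering it.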
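Review bot: The hunk-header renumbering is done by hand, and outside 01_all_gentoo.patch only 06_all_binary-search.patch is adjusted (`-2206,27 +2206,17` becomes `-2209,27 +2209,17`). The +3 shift is consistent with the put.c headers changed in this patch (for example `+2093` to `+2096`), but any other patch in patchsets/skey/1.1.5/ that touches put.c below btoe() needs the same shift, otherwise it will only apply with an offset. Please confirm that the whole series still applies cleanly in order and say so in the commit message.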
Attachments on bug 567608: 418616 | 418674 | 418682