Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 418682 Details for
Bug 567608
sys-auth/skey: out of bounds stack read
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
14_all_extract.patch
14_all_extract.patch (text/plain), 953 bytes, created by
Ulrich Müller
on 2015-12-06 20:32:28 UTC
(
hide
)
Description:
14_all_extract.patch
Filename:
MIME Type:
Creator:
Ulrich Müller
Created:
2015-12-06 20:32:28 UTC
Size:
953 bytes
patch
obsolete
>https://bugs.gentoo.org/567608 >Fix the extract() function not to access unnecessary array elements. >This avoids an out-of-bounds read when called from btoe() or etob(). > >--- skey-1.1.5-orig/put.c >+++ skey-1.1.5/put.c >@@ -2274,22 +2274,19 @@ > /* Extract 'length' bits from the char array 's' starting with bit 'start' */ > static unsigned int extract(char *s, int start, int length) > { >- unsigned char cl; >- unsigned char cc; >- unsigned char cr; > unsigned int x; >+ int i; > > assert(length <= 11); > assert(start >= 0); > assert(length >= 0); > assert(start + length <= 66); > >- cl = s[start / 8]; >- cc = s[start / 8 + 1]; >- cr = s[start / 8 + 2]; >- x = ((int)(cl << 8 | cc) << 8 | cr); >- x = x >> (24 - (length + (start % 8))); >- x = (x & (0xffff >> (16 - length))); >+ x = 0; >+ for (i = start / 8; i < (start + length + 7) / 8; i++) >+ x = (x << 8) | (unsigned char)s[i]; >+ x >>= 7 - (start + length + 7) % 8; >+ x &= (1 << length) - 1; > > return x; > }
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=418682">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 567608
:
418616
|
418674
|
418682
