Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 487886 Details for
Bug 627014
<dev-libs/libtasn1-4.12-r1: Denial of Service Vulnerability (NULL pointer dereference)
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
CVE-2017-10790.patch
CVE-2017-10790.patch (text/plain), 2.21 KB, created by
Andrey Ovcharov
on 2017-08-04 00:36:24 UTC
(
hide
)
Description:
CVE-2017-10790.patch
Filename:
MIME Type:
Creator:
Andrey Ovcharov
Created:
2017-08-04 00:36:24 UTC
Size:
2.21 KB
patch
obsolete
>From d8d805e1f2e6799bb2dff4871a8598dc83088a39 Mon Sep 17 00:00:00 2001 >From: Nikos Mavrogiannopoulos <nmav@redhat.com> >Date: Thu, 22 Jun 2017 16:31:37 +0200 >Subject: [PATCH] _asn1_check_identifier: safer access to values read > >Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> >--- > lib/parser_aux.c | 17 ++++++++++++----- > 1 file changed, 12 insertions(+), 5 deletions(-) > >diff --git a/lib/parser_aux.c b/lib/parser_aux.c >index 976ab38..786ea64 100644 >--- a/lib/parser_aux.c >+++ b/lib/parser_aux.c >@@ -955,7 +955,7 @@ _asn1_check_identifier (asn1_node node) > if (p2 == NULL) > { > if (p->value) >- _asn1_strcpy (_asn1_identifierMissing, p->value); >+ _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p->value); > else > _asn1_strcpy (_asn1_identifierMissing, "(null)"); > return ASN1_IDENTIFIER_NOT_FOUND; >@@ -968,9 +968,15 @@ _asn1_check_identifier (asn1_node node) > if (p2 && (type_field (p2->type) == ASN1_ETYPE_DEFAULT)) > { > _asn1_str_cpy (name2, sizeof (name2), node->name); >- _asn1_str_cat (name2, sizeof (name2), "."); >- _asn1_str_cat (name2, sizeof (name2), (char *) p2->value); >- _asn1_strcpy (_asn1_identifierMissing, p2->value); >+ if (p2->value) >+ { >+ _asn1_str_cat (name2, sizeof (name2), "."); >+ _asn1_str_cat (name2, sizeof (name2), (char *) p2->value); >+ _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p2->value); >+ } >+ else >+ _asn1_strcpy (_asn1_identifierMissing, "(null)"); >+ > p2 = asn1_find_node (node, name2); > if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID) || > !(p2->type & CONST_ASSIGN)) >@@ -990,7 +996,8 @@ _asn1_check_identifier (asn1_node node) > _asn1_str_cpy (name2, sizeof (name2), node->name); > _asn1_str_cat (name2, sizeof (name2), "."); > _asn1_str_cat (name2, sizeof (name2), (char *) p2->value); >- _asn1_strcpy (_asn1_identifierMissing, p2->value); >+ _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p2->value); >+ > p2 = asn1_find_node (node, name2); > if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID) > || !(p2->type & CONST_ASSIGN)) >-- >1.9.1 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 627014
: 487886