| 1234567891011121314151617181920212223242526272829 |
- $OpenBSD: patch-crypt_c,v 1.1 2017/03/23 17:26:17 bluhm Exp $
- Fix CVE-2015-7696: upstream fix for heap overflow
- https://bugs.debian.org/802162
- https://bugzilla.redhat.com/show_bug.cgi?id=1260944
- https://bugzilla.redhat.com/attachment.cgi?id=1073002
- --- crypt.c.orig Fri Jan 5 16:47:36 2007
- +++ crypt.c Tue Mar 21 16:10:27 2017
- @@ -465,7 +465,17 @@ int decrypt(__G__ passwrd)
- GLOBAL(pInfo->encrypted) = FALSE;
- defer_leftover_input(__G);
- for (n = 0; n < RAND_HEAD_LEN; n++) {
- - b = NEXTBYTE;
- + /* 2012-11-23 SMS. (OUSPG report.)
- + * Quit early if compressed size < HEAD_LEN. The resulting
- + * error message ("unable to get password") could be improved,
- + * but it's better than trying to read nonexistent data, and
- + * then continuing with a negative G.csize. (See
- + * fileio.c:readbyte()).
- + */
- + if ((b = NEXTBYTE) == (ush)EOF)
- + {
- + return PK_ERR;
- + }
- h[n] = (uch)b;
- Trace((stdout, " (%02x)", h[n]));
- }
|
