rpms/libsilc/F-8 silc-toolkit-1.0.2-pkcs1-overflow.patch, NONE, 1.1 libsilc.spec, 1.17, 1.18

Stu Tomlinson (nosnilmot) fedora-extras-commits at redhat.com
Thu Mar 20 18:17:13 UTC 2008


Author: nosnilmot

Update of /cvs/pkgs/rpms/libsilc/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv3747/F-8

Modified Files:
	libsilc.spec 
Added Files:
	silc-toolkit-1.0.2-pkcs1-overflow.patch 
Log Message:
- Fix buffer overflow in PKCS#1 message decoding (#438382)


silc-toolkit-1.0.2-pkcs1-overflow.patch:

--- NEW FILE silc-toolkit-1.0.2-pkcs1-overflow.patch ---
diff -up silc-toolkit-1.0.2/lib/silccrypt/silcpkcs1.c.pkcs1oflow silc-toolkit-1.0.2/lib/silccrypt/silcpkcs1.c
--- silc-toolkit-1.0.2/lib/silccrypt/silcpkcs1.c.pkcs1oflow	2005-12-19 07:05:02.000000000 -0500
+++ silc-toolkit-1.0.2/lib/silccrypt/silcpkcs1.c	2008-03-20 10:28:31.000000000 -0400
@@ -103,7 +103,7 @@ bool silc_pkcs1_decode(SilcPkcs1BlockTyp
 		       SilcUInt32 dest_data_size,
 		       SilcUInt32 *dest_len)
 {
-  int i = 0;
+  SilcUInt32 i = 0;
 
   SILC_LOG_DEBUG(("PKCS#1 decoding, bt %d", bt));
 
@@ -136,11 +136,19 @@ bool silc_pkcs1_decode(SilcPkcs1BlockTyp
   }
 
   /* Sanity checks */
+  if (i >= data_len) {
+    SILC_LOG_DEBUG(("Malformed block"));
+    return FALSE;
+  }
+  if (i < SILC_PKCS1_MIN_PADDING) {
+    SILC_LOG_DEBUG(("Malformed block"));
+    return FALSE;
+  }
   if (data[i++] != 0x00) {
     SILC_LOG_DEBUG(("Malformed block"));
     return FALSE;
   }
-  if (i - 1 < SILC_PKCS1_MIN_PADDING) {
+  if (i >= data_len) {
     SILC_LOG_DEBUG(("Malformed block"));
     return FALSE;
   }
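Review bot: Nothing in the rewritten "Sanity checks" block records that the order of the tests is load-bearing: the new `if (i >= data_len)` has to run before `data[i++]` so the separator byte is never read past the end of the input, and the second `if (i >= data_len)` after the increment also rejects a block whose payload is empty, which may or may not be intended. I would add `/* i must index inside data before the 0x00 separator is read; keep this check first */` above the first test and `/* no payload bytes remain after the separator */` above the last one. All four rejection paths log the same `"Malformed block"` string, so a debug log cannot show which check tripped; a distinct message per branch (input too short, padding below SILC_PKCS1_MIN_PADDING, missing separator, empty payload) would make triage of rejected messages easier. The function starts before and continues past this hunk, so the later length handling is not visible here. The `SilcUInt32 i` change in the first hunk is what makes these comparisons like-typed, assuming `data_len` is also `SilcUInt32`, and deserves a short comment on the declaration so it is not turned back into `int`.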


Index: libsilc.spec
===================================================================
RCS file: /cvs/pkgs/rpms/libsilc/F-8/libsilc.spec,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- libsilc.spec	26 Jan 2008 15:20:13 -0000	1.17
+++ libsilc.spec	20 Mar 2008 18:16:30 -0000	1.18
@@ -1,7 +1,7 @@
 Summary: SILC Client Library
 Name: libsilc
 Version: 1.0.2
-Release: 5%{?dist}
+Release: 6%{?dist}
 License: GPLv2 or BSD
 Group: System Environment/Libraries
 URL: http://www.silcnet.org/
@@ -12,6 +12,7 @@
 Patch0: silc-toolkit-1.0.2-libs.patch
 Patch1: silc-toolkit-1.0.2-wordsize.patch
 Patch2: silc-toolkit-1.0.2-fingerprint.patch
+Patch3: silc-toolkit-1.0.2-pkcs1-overflow.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot
 Epoch: 0
 # doc subpackage was removed because they are too big and not useful
@@ -33,6 +34,7 @@
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1
 
 %build
 %configure --libdir=%{_libdir} --enable-shared \
@@ -98,6 +100,9 @@
 %{_includedir}/silc/*.h
 
 %changelog
+* Thu Mar 20 2008 Stu Tomlinson <stu at nosnilmot.com> 1.0.2-6
+- Fix buffer overflow in PKCS#1 message decoding (#438382)
+
 * Sun Jan 26 2008 Stu Tomlinson <stu at nosnilmot.com> 1.0.2-5
 - Patch to fix buffer overflow generating fingerprints (#372021)
 



