rpms/libsilc/F-8 silc-toolkit-1.0.2-pkcs1-overflow.patch, NONE, 1.1 libsilc.spec, 1.17, 1.18
Stu Tomlinson (nosnilmot)
fedora-extras-commits at redhat.com
Thu Mar 20 18:17:13 UTC 2008
Author: nosnilmot
Update of /cvs/pkgs/rpms/libsilc/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv3747/F-8
Modified Files:
libsilc.spec
Added Files:
silc-toolkit-1.0.2-pkcs1-overflow.patch
Log Message:
- Fix buffer overflow in PKCS#1 message decoding (#438382)
silc-toolkit-1.0.2-pkcs1-overflow.patch:
--- NEW FILE silc-toolkit-1.0.2-pkcs1-overflow.patch ---
diff -up silc-toolkit-1.0.2/lib/silccrypt/silcpkcs1.c.pkcs1oflow silc-toolkit-1.0.2/lib/silccrypt/silcpkcs1.c
--- silc-toolkit-1.0.2/lib/silccrypt/silcpkcs1.c.pkcs1oflow 2005-12-19 07:05:02.000000000 -0500
+++ silc-toolkit-1.0.2/lib/silccrypt/silcpkcs1.c 2008-03-20 10:28:31.000000000 -0400
@@ -103,7 +103,7 @@ bool silc_pkcs1_decode(SilcPkcs1BlockTyp
SilcUInt32 dest_data_size,
SilcUInt32 *dest_len)
{
- int i = 0;
+ SilcUInt32 i = 0;
SILC_LOG_DEBUG(("PKCS#1 decoding, bt %d", bt));
@@ -136,11 +136,19 @@ bool silc_pkcs1_decode(SilcPkcs1BlockTyp
}
/* Sanity checks */
+ if (i >= data_len) {
+ SILC_LOG_DEBUG(("Malformed block"));
+ return FALSE;
+ }
+ if (i < SILC_PKCS1_MIN_PADDING) {
+ SILC_LOG_DEBUG(("Malformed block"));
+ return FALSE;
+ }
if (data[i++] != 0x00) {
SILC_LOG_DEBUG(("Malformed block"));
return FALSE;
}
- if (i - 1 < SILC_PKCS1_MIN_PADDING) {
+ if (i >= data_len) {
SILC_LOG_DEBUG(("Malformed block"));
return FALSE;
}
Index: libsilc.spec
===================================================================
RCS file: /cvs/pkgs/rpms/libsilc/F-8/libsilc.spec,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- libsilc.spec 26 Jan 2008 15:20:13 -0000 1.17
+++ libsilc.spec 20 Mar 2008 18:16:30 -0000 1.18
@@ -1,7 +1,7 @@
Summary: SILC Client Library
Name: libsilc
Version: 1.0.2
-Release: 5%{?dist}
+Release: 6%{?dist}
License: GPLv2 or BSD
Group: System Environment/Libraries
URL: http://www.silcnet.org/
@@ -12,6 +12,7 @@
Patch0: silc-toolkit-1.0.2-libs.patch
Patch1: silc-toolkit-1.0.2-wordsize.patch
Patch2: silc-toolkit-1.0.2-fingerprint.patch
+Patch3: silc-toolkit-1.0.2-pkcs1-overflow.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot
Epoch: 0
# doc subpackage was removed because they are too big and not useful
@@ -33,6 +34,7 @@
%patch0 -p1
%patch1 -p1
%patch2 -p1
+%patch3 -p1
%build
%configure --libdir=%{_libdir} --enable-shared \
@@ -98,6 +100,9 @@
%{_includedir}/silc/*.h
%changelog
+* Thu Mar 20 2008 Stu Tomlinson <stu at nosnilmot.com> 1.0.2-6
+- Fix buffer overflow in PKCS#1 message decoding (#438382)
+
* Sun Jan 26 2008 Stu Tomlinson <stu at nosnilmot.com> 1.0.2-5
- Patch to fix buffer overflow generating fingerprints (#372021)
More information about the fedora-extras-commits
mailing list