logo

oasis

Own branch of Oasis Linux (upstream: <https://git.sr.ht/~mcf/oasis/>) git clone https://anongit.hacktivis.me/git/oasis.git

0014-Upstream-fix-for-heap-overflow.patch (1094B)

    

  1. From d97748a061a3beb8bdf4d5d0a2458086951960ff Mon Sep 17 00:00:00 2001
  2. From: Petr Stodulka <pstodulk@redhat.com>
  3. Date: Mon, 14 Sep 2015 18:23:17 +0200
  4. Subject: [PATCH] Upstream fix for heap overflow
  6. ---
  7.  crypt.c | 12 +++++++++++-
  8.  1 file changed, 11 insertions(+), 1 deletion(-)
  10. diff --git a/crypt.c b/crypt.c
  11. index 784e411..a8975f2 100644
  12. --- a/crypt.c
  13. +++ b/crypt.c
  14. @@ -465,7 +465,17 @@ int decrypt(__G__ passwrd)
  15.      GLOBAL(pInfo->encrypted) = FALSE;
  16.      defer_leftover_input(__G);
  17.      for (n = 0; n < RAND_HEAD_LEN; n++) {
  18. -        b = NEXTBYTE;
  19. +        /* 2012-11-23 SMS.  (OUSPG report.)
  20. +         * Quit early if compressed size < HEAD_LEN.  The resulting
  21. +         * error message ("unable to get password") could be improved,
  22. +         * but it's better than trying to read nonexistent data, and
  23. +         * then continuing with a negative G.csize.  (See
  24. +         * fileio.c:readbyte()).
  25. +         */
  26. +        if ((b = NEXTBYTE) == (ush)EOF)
  27. +        {
  28. +            return PK_ERR;
  29. +        }
  30.          h[n] = (uch)b;
  31.          Trace((stdout, " (%02x)", h[n]));
  32.      }
  33. -- 
  34. 2.20.1