Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP4:GA
Botan
CVE-2016-9132.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2016-9132.patch of Package Botan
commit 8fce1edc0214b1149cbf4723322714f2e22032eb Author: Jack Lloyd <jack@randombit.net> Date: Mon Nov 28 05:51:53 2016 -0500 Fix BER integer overflow (CVE-2016-9132) diff --git a/src/asn1/ber_dec.cpp b/src/asn1/ber_dec.cpp index 478ebae86..146fd6281 100644 --- a/src/asn1/ber_dec.cpp +++ b/src/asn1/ber_dec.cpp @@ -8,6 +8,7 @@ #include <botan/ber_dec.h> #include <botan/bigint.h> #include <botan/get_byte.h> +#include <botan/internal/safeint.h> namespace Botan { @@ -125,7 +126,9 @@ size_t find_eoc(DataSource* ber) size_t item_size = decode_length(&source, length_size); source.discard_next(item_size); - length += item_size + length_size + tag_size; + length = BOTAN_CHECKED_ADD(length, item_size); + length = BOTAN_CHECKED_ADD(length, tag_size); + length = BOTAN_CHECKED_ADD(length, length_size); if(type_tag == EOC && class_tag == UNIVERSAL) break; diff --git a/src/utils/info.txt b/src/utils/info.txt index 57b6a2740..bbca1985c 100644 --- a/src/utils/info.txt +++ b/src/utils/info.txt @@ -20,6 +20,7 @@ ct_utils.h mlock.h prefetch.h rounding.h +safeint.h stl_util.h xor_buf.h </header:internal> diff --git a/src/utils/safeint.h b/src/utils/safeint.h new file mode 100644 index 000000000..e0bd66232 --- /dev/null +++ b/src/utils/safeint.h @@ -0,0 +1,39 @@ +/* +* Safe(r) Integer Handling +* (C) 2016 Jack Lloyd +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#ifndef BOTAN_UTILS_SAFE_INT_H__ +#define BOTAN_UTILS_SAFE_INT_H__ + +#include <botan/exceptn.h> +#include <string> + +namespace Botan { + +class Integer_Overflow_Detected : public Exception + { + public: + Integer_Overflow_Detected(const std::string& file, int line) : + Exception("Integer overflow detected at " + file + ":" + std::to_string(line)) + {} + }; + +inline size_t checked_add(size_t x, size_t y, const char* file, int line) + { + // TODO: use __builtin_x_overflow on GCC and Clang + size_t z = x + y; + if(z < x) + { + throw Integer_Overflow_Detected(file, line); + } + return z; + } + +#define BOTAN_CHECKED_ADD(x,y) checked_add(x,y,__FILE__,__LINE__) + +} + +#endif
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor