SUSE:SLE-12:Update
File libtasn1-CVE-2015-2806.patch of Package libtasn1
From: Nikos Mavrogiannopoulos <nmav@gnutls.org> Date: Thu, 26 Mar 2015 17:34:57 +0000 (+0100) Subject: increased size of LTOSTR_MAX_SIZE to account for sign and null byte X-Git-Tag: libtasn1_4_4~3 X-Git-Url: http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commitdiff_plain;h=4d4f992826a4962790ecd0cce6fbba4a415ce149;hp=77068c35a32cc31ba6b3af257921ca90696c7945 increased size of LTOSTR_MAX_SIZE to account for sign and null byte This address an overflow found by Hanno Böck in DER decoding. --- diff --git a/lib/parser_aux.c b/lib/parser_aux.c index d3e9009..da9a388 100644 --- a/lib/parser_aux.c +++ b/lib/parser_aux.c @@ -543,7 +543,7 @@ _asn1_delete_list_and_nodes (void) char * -_asn1_ltostr (long v, char *str) +_asn1_ltostr (long v, char str[LTOSTR_MAX_SIZE]) { long d, r; char temp[LTOSTR_MAX_SIZE]; @@ -567,7 +567,7 @@ _asn1_ltostr (long v, char *str) count++; v = d; } - while (v); + while (v && ((start+count) < LTOSTR_MAX_SIZE-1)); for (k = 0; k < count; k++) str[k + start] = temp[start + count - k - 1]; diff --git a/lib/parser_aux.h b/lib/parser_aux.h index 55d9061..437f1c8 100644 --- a/lib/parser_aux.h +++ b/lib/parser_aux.h @@ -52,8 +52,9 @@ void _asn1_delete_list (void); void _asn1_delete_list_and_nodes (void); -#define LTOSTR_MAX_SIZE 20 -char *_asn1_ltostr (long v, char *str); +/* Max 64-bit integer length is 20 chars + 1 for sign + 1 for null termination */ +#define LTOSTR_MAX_SIZE 22 +char *_asn1_ltostr (long v, char str[LTOSTR_MAX_SIZE]); asn1_node _asn1_find_up (asn1_node node);
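Review bot: In the first lib/parser_aux.c hunk (@@ -543,7 +543,7), the new parameter `char str[LTOSTR_MAX_SIZE]` is still adjusted to `char *` by the compiler, so the size is documentation only and nothing checks that a caller's buffer really holds LTOSTR_MAX_SIZE bytes. Every call site that declares its own buffer should be checked to size it with LTOSTR_MAX_SIZE rather than a literal; if the project can rely on C99, `char str[static LTOSTR_MAX_SIZE]` lets compilers warn about undersized arrays.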
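Review bot: In the second lib/parser_aux.c hunk (@@ -567,7 +567,7), the new condition `while (v && ((start+count) < LTOSTR_MAX_SIZE-1));` can end the loop while v is still non-zero, and the function then hands back a string with digits missing and no signal to the caller. The bound caps start+count at LTOSTR_MAX_SIZE-1, so the copy loop that follows stays inside both `temp` and `str`, but a short comment stating that this is a defensive limit and what the caller gets when it triggers would make the behaviour explicit.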
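Review bot: In the lib/parser_aux.h hunk (@@ -52,8 +52,9), `#define LTOSTR_MAX_SIZE 22` is justified by its comment only for a `long` of at most 64 bits, and nothing in the header enforces that assumption. Consider deriving the size from sizeof(long), or adding a compile-time check that `long` is no wider than 64 bits, so the buffer size and the type passed to `_asn1_ltostr` cannot drift apart.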