SUSE:SLE-15-SP4:Update
File r1961-EncryptTest-Fix-buffer-overflow-in-decrypted-out-buffer-in-TestEncrypt.patch of Package podofo.35911
------------------------------------------------------------------------ r1961 | mabri | 2019-02-03 00:14:11 +0100 (dom 03 de feb de 2019) | 17 líneas Patch by Francesco Pretto: EncryptTest: Fix buffer overflow in decrypted out buffer in TestEncrypt() According to OpenSSL 1.1.0 documentation[1], "the decrypted data buffer out passed to the EVP_DecryptUpdate() should have sufficient room for (inl + cipher_block_size) bytes". In TestEncrypt(), pDecryptedBuffer has the exactly the size of the known clear text, which sounds correct but it's currently violating the contract of EVP_DecryptUpdate() used in PdfEncryptAESBase::BaseDecrypt() and causing a buffer overflow detected by MSVC when running the the test in a Debug build. Fix TestEncrypt() so the out data buffer will end up having exactly inl + cipher_block_size bytes. [1] https://www.openssl.org/docs/man1.1.0/crypto/EVP_DecryptUpdate.html The foregoing patch description except for the patch attribution is content-wise by the patch author. Patch-Date: Tue Dec 25 20:59:16 2018 +0100 Post-Archive-Date: 2018-12-25 20:04:26 +0000 Post-Archive-URL: https://sourceforge.net/p/podofo/mailman/message/36501805/ Index: test/unit/EncryptTest.cpp =================================================================== --- test/unit/EncryptTest.cpp (revisión: 1960) +++ test/unit/EncryptTest.cpp (revisión: 1961) @@ -199,7 +199,7 @@ pdf_long nOutputLen = pEncrypt->CalculateStreamLength(m_lLen); unsigned char *pEncryptedBuffer = new unsigned char[nOutputLen]; - unsigned char *pDecryptedBuffer = new unsigned char[m_lLen]; + unsigned char *pDecryptedBuffer = new unsigned char[nOutputLen]; // Encrypt buffer try { ------------------------------------------------------------------------
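Review bot: the changed allocation, `pDecryptedBuffer = new unsigned char[nOutputLen]`, carries no comment explaining why the plaintext buffer is now sized like the ciphertext buffer, so a later cleanup could easily shrink it back to `m_lLen`. Add a short comment at that line citing the EVP_DecryptUpdate() requirement of (inl + cipher_block_size) bytes for the out buffer. The hunk also only shows `nOutputLen` coming from `pEncrypt->CalculateStreamLength(m_lLen)`; whether that value covers inl + cipher_block_size for every encryption algorithm the test runs with is not visible here, so it would be worth stating that relationship in the comment or asserting it in the test. If a later call in TestEncrypt() passes the decrypted buffer's capacity as a length, check that it uses the same value as this allocation.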