opkg

statically linked package installer

0014-Upstream-fix-for-heap-overflow.patch (1094B)


      1 From d97748a061a3beb8bdf4d5d0a2458086951960ff Mon Sep 17 00:00:00 2001
      2 From: Petr Stodulka <pstodulk@redhat.com>
      3 Date: Mon, 14 Sep 2015 18:23:17 +0200
      4 Subject: [PATCH] Upstream fix for heap overflow
      5 
      6 ---
      7  crypt.c | 12 +++++++++++-
      8  1 file changed, 11 insertions(+), 1 deletion(-)
      9 
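--- a/crypt.c
+++ b/crypt.c
@@ -465,7 +465,17 @@ int decrypt(__G__ passwrd)
     GLOBAL(pInfo->encrypted) = FALSE;
     defer_leftover_input(__G);
     for (n = 0; n < RAND_HEAD_LEN; n++) {
-        b = NEXTBYTE;
+        /* 2012-11-23 SMS.  (OUSPG report.)
+         * Quit early if compressed size < HEAD_LEN.  The resulting
+         * error message ("unable to get password") could be improved,
+         * but it's better than trying to read nonexistent data, and
+         * then continuing with a negative G.csize.  (See
+         * fileio.c:readbyte()).
+         */
+        if ((b = NEXTBYTE) == (ush)EOF)
+        {
+            return PK_ERR;
+        }
         h[n] = (uch)b;
         Trace((stdout, " (%02x)", h[n]));
     }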
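Review bot: The early `return PK_ERR;` inside the loop exits after `GLOBAL(pInfo->encrypted) = FALSE;` and `defer_leftover_input(__G);` have already run, so the error path leaves both in their temporary state. The code after the loop is outside the hunk; if it restores the flag and the deferred input, the error path should do the same before returning, e.g. `GLOBAL(pInfo->encrypted) = TRUE;` ahead of the return. The test also only works if `b` is declared `ush` (the declaration is not visible here), because an `int` holding `EOF` would never equal `(ush)EOF` and the short-read guard would silently stop firing. A comment such as `/* b is ush, so compare against the truncated EOF */` would pin that down, or the byte could be read into an `int` and compared with `EOF` before the cast to `uch`.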
     33 -- 
     34 2.20.1
     35