Attached patch should fix bug mentioned in [1]. memset function was used incorrectly with address of a pointer instead of address where pointer was pointing thus causing buffer overflow and possibly other problems.
The 0.9.x versions don't seem to be affected since the identity application doesn't exist there if I am not mistaken. [1] https://bugs.gentoo.org/show_bug.cgi?id=339355 -- Stanislav Ochotnicky Gentoo developer net-p2p herd, app-arch/rpm maintainer PGP: 0x7B087241
From d029cce1691ba78310763059c35ed08596ebf74f Mon Sep 17 00:00:00 2001 From: Stanislav Ochotnicky <[email protected]> Date: Sat, 15 Jan 2011 21:02:52 +0100 Subject: [PATCH] Fix buffer overflow memset function was called incorrectly with address of a pointer instead of address where pointer was pointing See https://bugs.gentoo.org/show_bug.cgi?id=339355 for details --- src/applications/identity/identity.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/src/applications/identity/identity.c b/src/applications/identity/identity.c index 063c463..6d3cf65 100644 --- a/src/applications/identity/identity.c +++ b/src/applications/identity/identity.c @@ -423,7 +423,7 @@ getPeerIdentity (const GNUNET_RSA_PublicKey * pubKey, GNUNET_PeerIdentity * result) { if (pubKey == NULL) - memset (&result, 0, sizeof (GNUNET_PeerIdentity)); + memset (result, 0, sizeof (GNUNET_PeerIdentity)); else GNUNET_hash (pubKey, sizeof (GNUNET_RSA_PublicKey), &result->hashPubKey); } -- 1.7.3.4
signature.asc
Description: OpenPGP digital signature
_______________________________________________ GNUnet-developers mailing list [email protected] http://lists.gnu.org/mailman/listinfo/gnunet-developers
