RPM Package Manager, CVS Repository
  http://rpm5.org/cvs/
  ____________________________________________________________________________

  Server: rpm5.org                         Name:   Jeff Johnson
  Root:   /v/rpm/cvs                       Email:  j...@rpm5.org
  Module: rpm                              Date:   18-May-2010 01:23:46
  Branch: HEAD                             Handle: 2010051723234500

  Modified files:
    rpm                     CHANGES
    rpm/rpmio               rpmbc.c

  Log:
    - bc: fix: eliminate static buffer overflow.

  Summary:
    Revision    Changes     Path
    1.3353      +1  -0      rpm/CHANGES
    2.19        +19 -14     rpm/rpmio/rpmbc.c
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: rpm/CHANGES
  ============================================================================
  $ cvs diff -u -r1.3352 -r1.3353 CHANGES
  --- rpm/CHANGES       16 May 2010 18:53:42 -0000      1.3352
  +++ rpm/CHANGES       17 May 2010 23:23:45 -0000      1.3353
  @@ -1,4 +1,5 @@
   5.3.0 -> 5.4a1:
  +    - jbj: bc: fix: eliminate static buffer overflow.
       - jbj: ssl: ensure RSA/DSA parameters are set.
       - jbj: hkp: expose pubky/signature parameter setters.
       - jbj: hkp: pick up RHEL6 pubkeys for testing.
  @@ .
  patch -p0 <<'@@ .'
  Index: rpm/rpmio/rpmbc.c
  ============================================================================
  $ cvs diff -u -r2.18 -r2.19 rpmbc.c
  --- rpm/rpmio/rpmbc.c 29 Apr 2010 23:35:16 -0000      2.18
  +++ rpm/rpmio/rpmbc.c 17 May 2010 23:23:45 -0000      2.19
  @@ -161,14 +161,14 @@
   
   /**
    */
  -static /*...@observer@*/
  -const char * pgpMpiHex(const rpmuint8_t *p)
  +static /*...@only@*/
  +char * pgpMpiHex(const rpmuint8_t *p)
           /*...@*/
   {
  -    static char prbuf[2048];
  -    char *t = prbuf;
  -    t = pgpHexCvt(t, p+2, pgpMpiLen(p)-2);
  -    return prbuf;
  +    size_t nb = pgpMpiLen(p);
  +    char * t = xmalloc(2*nb + 1);
  +    (void) pgpHexCvt(t, p+2, nb-2);
  +    return t;
   }
   
   /**
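Review bot: pgpMpiHex() still trusts the length encoded in the MPI itself: `nb` comes from pgpMpiLen(p), and pgpHexCvt() then reads `nb-2` bytes from `p+2` with nothing checked against the end of the packet. The heap buffer fixes the write side, but a header that claims more bytes than the packet holds would still cause a read past the input. pgpMpiLen() is defined outside this page, so this is inferred from how it is used here. pgpMpiSet() in a later hunk receives `pend`, while the `case 10` and `case 30`–`43` callers pass only `p`, so consider threading `pend` through and rejecting with something like `if (pend != NULL && p + nb > pend) return NULL;`, with callers handling NULL. The empty `/** */` header should also state the new ownership rule, e.g. `Return hex formatted MPI; the result is malloc'ed and must be freed by the caller.`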
  @@ -202,7 +202,10 @@
   if (_pgp_debug)
   fprintf(stderr, "*** mbits %u nbits %u nbytes %u t %p[%d] ix %u\n", mbits, 
nbits, nbytes, t, (2*nbytes+1), ix);
       if (ix > 0) memset(t, (int)'0', ix);
  -    strcpy(t+ix, (const char *) pgpMpiHex(p));
  +    {        const char * s = pgpMpiHex(p);
  +     strcpy(t+ix, s);
  +     s = _free(s);
  +    }
   if (_pgp_debug)
   fprintf(stderr, "*** %s %s\n", pre, t);
       (void) mpnsethex(mpn, t);
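Review bot: The `strcpy(t+ix, s)` on the new side is still an unbounded copy; it is safe only if `t` (sized `2*nbytes+1` according to the debug line) and `ix` were derived consistently from the same MPI bit count, and that code lies outside this hunk. Now that `s` is a separate heap string, its length can be checked before the copy: test `ix + strlen(s) > 2*nbytes` and take the function's error path instead of copying. `s` is also declared `const char *` although it owns the allocation and is passed to `_free()`; `char * s = pgpMpiHex(p);` would match the new `@only@` return type. The enclosing function starts and ends outside the hunk.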
  @@ -219,6 +222,7 @@
        /*...@modifies fileSystem @*/
   {
       rpmbc bc = dig->impl;
  +    const char * s = NULL;
       int rc = 0;
   
       switch (itemno) {
  @@ -230,7 +234,7 @@
       case 61:         /* ECDSA Q */
        break;
       case 10:         /* RSA m**d */
  -     (void) mpnsethex(&bc->c, pgpMpiHex(p));
  +     (void) mpnsethex(&bc->c, s = pgpMpiHex(p));
   if (_pgp_debug && _pgp_print)
   fprintf(stderr, "\t %s ", pre),  mpfprintln(stderr, bc->c.size, bc->c.data);
        break;
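Review bot: Hiding the ownership transfer inside an argument, `mpnsethex(&bc->c, s = pgpMpiHex(p))`, and releasing it with a single `s = _free(s);` at the end of the function works only while every path through the switch allocates at most once. The same pattern is repeated for cases 30, 31 and 40–43 in the next hunk, so a later fall-through or a second call within one case would silently leak the earlier string. Assigning on its own line and freeing right after use keeps the lifetime local to each case: `s = pgpMpiHex(p);` then `(void) mpnsethex(&bc->c, s);` then `s = _free(s);`. The switch and its function begin and end outside this hunk.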
  @@ -241,36 +245,37 @@
        rc = pgpMpiSet(pre, 160, &bc->s, p, pend);
        break;
       case 30:         /* RSA n */
  -     (void) mpbsethex(&bc->rsa_pk.n, pgpMpiHex(p));
  +     (void) mpbsethex(&bc->rsa_pk.n, s = pgpMpiHex(p));
   if (_pgp_debug && _pgp_print)
   fprintf(stderr, "\t %s ", pre),  mpfprintln(stderr, bc->rsa_pk.n.size, 
bc->rsa_pk.n.modl);
        break;
       case 31:         /* RSA e */
  -     (void) mpnsethex(&bc->rsa_pk.e, pgpMpiHex(p));
  +     (void) mpnsethex(&bc->rsa_pk.e, s = pgpMpiHex(p));
   if (_pgp_debug && _pgp_print)
   fprintf(stderr, "\t %s ", pre),  mpfprintln(stderr, bc->rsa_pk.e.size, 
bc->rsa_pk.e.data);
        break;
       case 40:         /* DSA p */
  -     (void) mpbsethex(&bc->p, pgpMpiHex(p));
  +     (void) mpbsethex(&bc->p, s = pgpMpiHex(p));
   if (_pgp_debug && _pgp_print)
   fprintf(stderr, "\t %s ", pre),  mpfprintln(stderr, bc->p.size, bc->p.modl);
        break;
       case 41:         /* DSA q */
  -     (void) mpbsethex(&bc->q, pgpMpiHex(p));
  +     (void) mpbsethex(&bc->q, s = pgpMpiHex(p));
   if (_pgp_debug && _pgp_print)
   fprintf(stderr, "\t %s ", pre),  mpfprintln(stderr, bc->q.size, bc->q.modl);
        break;
       case 42:         /* DSA g */
  -     (void) mpnsethex(&bc->g, pgpMpiHex(p));
  +     (void) mpnsethex(&bc->g, s = pgpMpiHex(p));
   if (_pgp_debug && _pgp_print)
   fprintf(stderr, "\t %s ", pre),  mpfprintln(stderr, bc->g.size, bc->g.data);
        break;
       case 43:         /* DSA y */
  -     (void) mpnsethex(&bc->y, pgpMpiHex(p));
  +     (void) mpnsethex(&bc->y, s = pgpMpiHex(p));
   if (_pgp_debug && _pgp_print)
   fprintf(stderr, "\t %s ", pre),  mpfprintln(stderr, bc->y.size, bc->y.data);
        break;
       }
  +    s = _free(s);
       return rc;
   }
   
  @@ .
______________________________________________________________________
RPM Package Manager                                    http://rpm5.org
CVS Sources Repository                                rpm-cvs@rpm5.org
