RPM Package Manager, CVS Repository http://rpm5.org/cvs/ ____________________________________________________________________________
Server: rpm5.org Name: Jeff Johnson Root: /v/rpm/cvs Email: j...@rpm5.org Module: rpm Date: 03-Apr-2016 22:40:19 Branch: rpm-5_4 Handle: 2016040320401900 Modified files: (Branch: rpm-5_4) rpm/rpmio rpmpgp.h Log: - rpmpgp: check for buffer overflows more carefully. Summary: Revision Changes Path 2.108.2.17 +11 -5 rpm/rpmio/rpmpgp.h ____________________________________________________________________________ patch -p0 <<'@@ .'
Index: rpm/rpmio/rpmpgp.h ============================================================================
$ cvs diff -u -r2.108.2.16 -r2.108.2.17 rpmpgp.h
--- rpm/rpmio/rpmpgp.h 24 Feb 2015 20:24:09 -0000 2.108.2.16
+++ rpm/rpmio/rpmpgp.h 3 Apr 2016 20:40:19 -0000 2.108.2.17
@@ -1126,9 +1126,11 @@
 char * pgpHexStr(const rpmuint8_t * p, size_t plen)
 /*@*/
 {
- static char prbuf[8*BUFSIZ]; /* XXX ick */
+ static char prbuf[BUFSIZ]; /* XXX ick */
+ static size_t nb = sizeof(prbuf) - 32;
 char *t = prbuf;
- t = pgpHexCvt(t, p, plen);
+ unsigned ui = (plen <= nb) ? plen : nb;
+ t = pgpHexCvt(t, p, ui);
 return prbuf;
 }
@@ -1143,11 +1145,15 @@
 /*@requires maxRead(p) >= 3 @*/
 /*@*/
 {
- static char prbuf[8*BUFSIZ]; /* XXX ick */
+ static char prbuf[BUFSIZ]; /* XXX ick */
+ static size_t nb = sizeof(prbuf) - 32;
 char *t = prbuf;
- sprintf(t, "[%4u]: ", pgpGrab(p, 2));
+ unsigned ui = pgpGrab(p, 2);
+ sprintf(t, "[%4u]: ", ui);
 t += strlen(t);
- t = pgpHexCvt(t, p+2, pgpMpiLen(p)-2);
+ if ((ui = pgpMpiLen(p)) > nb)
+ ui = nb;
+ t = pgpHexCvt(t, p+2, ui-2);
 return prbuf;
 }
@@ .
______________________________________________________________________ RPM Package Manager http://rpm5.org CVS Sources Repository rpm-cvs@rpm5.org
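Review bot: The clamp in pgpHexStr, `unsigned ui = (plen <= nb) ? plen : nb;`, bounds the number of input bytes, but prbuf has to hold their textual expansion, so with `nb = sizeof(prbuf) - 32` the output can still run past the BUFSIZ buffer if pgpHexCvt emits two hex digits per input byte plus a terminator, as its name suggests (its definition is not in the hunk). The second hunk reuses the same limit and additionally writes a `"[%4u]: "` prefix into the same buffer before the conversion, so it is affected in the same way. Deriving the limit from the output width rather than a fixed 32-byte slack, e.g. `static size_t nb = (sizeof(prbuf) - 32) / 2;` (better: from the per-byte width pgpHexCvt actually produces), keeps the bound meaningful, and keeping the count as size_t instead of narrowing to unsigned avoids a silent truncation of a 64-bit plen before the comparison. A one-line comment on the declaration, `/* nb bounds input bytes; prbuf must hold the hex text for nb bytes plus any prefix and the NUL */`, would record why the slack exists.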
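Review bot: `t = pgpHexCvt(t, p+2, ui-2);` subtracts 2 from the clamped unsigned length, so if pgpMpiLen(p) (not visible in the hunk) can ever return a value below 2 the length wraps to a huge unsigned and the conversion reads far past p and writes past prbuf, defeating the clamp. A guard before the call, `if (ui < 2) ui = 2;`, or validating the result of pgpMpiLen before it is used, closes that gap. Note also that the clamp only bounds what is written to prbuf; since the annotation `/*@requires maxRead(p) >= 3 @*/` promises just 3 readable bytes, reading up to nb bytes from p still relies on the caller supplying a packet at least pgpMpiLen(p) bytes long. The function's signature lies above the hunk.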