RPM Package Manager, CVS Repository
http://rpm5.org/cvs/
____________________________________________________________________________
Server: rpm5.org Name: Jeff Johnson
Root: /v/rpm/cvs Email: j...@rpm5.org
Module: rpm Date: 03-Apr-2016 22:40:19
Branch: rpm-5_4 Handle: 2016040320401900
Modified files: (Branch: rpm-5_4)
rpm/rpmio rpmpgp.h
Log:
- rpmpgp: check for buffer overflows more carefully.
Summary:
Revision Changes Path
2.108.2.17 +11 -5 rpm/rpmio/rpmpgp.h
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: rpm/rpmio/rpmpgp.h
============================================================================
$ cvs diff -u -r2.108.2.16 -r2.108.2.17 rpmpgp.h
--- rpm/rpmio/rpmpgp.h 24 Feb 2015 20:24:09 -0000 2.108.2.16
+++ rpm/rpmio/rpmpgp.h 3 Apr 2016 20:40:19 -0000 2.108.2.17
@@ -1126,9 +1126,11 @@
char * pgpHexStr(const rpmuint8_t * p, size_t plen)
/*@*/
{
- static char prbuf[8*BUFSIZ]; /* XXX ick */
+ static char prbuf[BUFSIZ]; /* XXX ick */
+ static size_t nb = sizeof(prbuf) - 32;
char *t = prbuf;
- t = pgpHexCvt(t, p, plen);
+ unsigned ui = (plen <= nb) ? plen : nb;
+ t = pgpHexCvt(t, p, ui);
return prbuf;
}
@@ -1143,11 +1145,15 @@
/*@requires maxRead(p) >= 3 @*/
/*@*/
{
- static char prbuf[8*BUFSIZ]; /* XXX ick */
+ static char prbuf[BUFSIZ]; /* XXX ick */
+ static size_t nb = sizeof(prbuf) - 32;
char *t = prbuf;
- sprintf(t, "[%4u]: ", pgpGrab(p, 2));
+ unsigned ui = pgpGrab(p, 2);
+ sprintf(t, "[%4u]: ", ui);
t += strlen(t);
- t = pgpHexCvt(t, p+2, pgpMpiLen(p)-2);
+ if ((ui = pgpMpiLen(p)) > nb)
+ ui = nb;
+ t = pgpHexCvt(t, p+2, ui-2);
return prbuf;
}
@@ .
______________________________________________________________________
RPM Package Manager http://rpm5.org
CVS Sources Repository rpm-cvs@rpm5.org
