rpms/libsilc/F-8 silc-toolkit-1.0.2-fingerprint.patch, NONE, 1.1 libsilc.spec, 1.16, 1.17

Sat Jan 26 15:20:51 UTC 2008

Author: nosnilmot

Update of /cvs/pkgs/rpms/libsilc/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12131

Modified Files:
	libsilc.spec 
Added Files:
	silc-toolkit-1.0.2-fingerprint.patch 
Log Message:
- Patch to fix buffer overflow generating fingerprints (#372021)


silc-toolkit-1.0.2-fingerprint.patch:

--- NEW FILE silc-toolkit-1.0.2-fingerprint.patch ---
Index: silc/lib/silcutil/silcutil.c
diff -u silc/lib/silcutil/silcutil.c:1.78 silc/lib/silcutil/silcutil.c:1.78.2.1
--- silc/lib/silcutil/silcutil.c:1.78	Tue Jan  2 21:33:03 2007
+++ silc/lib/silcutil/silcutil.c	Tue Jan  8 08:48:42 2008
@@ -467,28 +467,41 @@
 
 char *silc_fingerprint(const unsigned char *data, SilcUInt32 data_len)
 {
-  char fingerprint[64], *cp;
-  int i;
-
-  memset(fingerprint, 0, sizeof(fingerprint));
-  cp = fingerprint;
+  unsigned char *fingerprint, *cp;
+  unsigned int len, blocks, i;
+  
+  if (!data || !data_len)
+    return NULL;
+
+  if (data_len >= 256)
+    data_len = 255;
+
+  /* Align and calculate total length */
+  len = ((data_len + 19) / 20) * 20;
+  blocks = (len / 10);
+  len = (len * 2) + ((blocks - 1) * 2) + (4 * blocks) + 2 + 1;
+
+  cp = fingerprint = silc_calloc(len, sizeof(*fingerprint));
+  if (!cp)
+    return NULL;
+  
   for (i = 0; i < data_len; i++) {
-    snprintf(cp, sizeof(fingerprint), "%02X", data[i]);
+    snprintf(cp, len, "%02X", data[i]);
     cp += 2;
+    len -= 2;
 
     if ((i + 1) % 2 == 0)
-      snprintf(cp++, sizeof(fingerprint), " ");
-
+      snprintf(cp++, len--, " ");
     if ((i + 1) % 10 == 0)
-      snprintf(cp++, sizeof(fingerprint), " ");
+      snprintf(cp++, len--, " ");
   }
   i--;
-  if ((i + 1) % 2 == 0)
-    cp[-2] = 0;
   if ((i + 1) % 10 == 0)
-    cp[-1] = 0;
+    *(--cp) = '\0';  
+  if ((i + 1) % 2 == 0)
+    *(--cp) = '\0';
 
-  return strdup(fingerprint);
+  return fingerprint;
 }
 
 /* Return TRUE if the `data' is ASCII string. */


Index: libsilc.spec
===================================================================
RCS file: /cvs/pkgs/rpms/libsilc/F-8/libsilc.spec,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- libsilc.spec	26 Sep 2007 18:14:13 -0000	1.16
+++ libsilc.spec	26 Jan 2008 15:20:13 -0000	1.17
@@ -1,7 +1,7 @@
 Summary: SILC Client Library
 Name: libsilc
 Version: 1.0.2
-Release: 4%{?dist}
+Release: 5%{?dist}
 License: GPLv2 or BSD
 Group: System Environment/Libraries
 URL: http://www.silcnet.org/
@@ -11,6 +11,7 @@
 %define __find_provides %{SOURCE1}
 Patch0: silc-toolkit-1.0.2-libs.patch
 Patch1: silc-toolkit-1.0.2-wordsize.patch
+Patch2: silc-toolkit-1.0.2-fingerprint.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot
 Epoch: 0
 # doc subpackage was removed because they are too big and not useful
@@ -31,6 +32,7 @@
 %setup -q -n silc-toolkit-%{version}
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1
 
 %build
 %configure --libdir=%{_libdir} --enable-shared \
@@ -96,6 +98,9 @@
 %{_includedir}/silc/*.h
 
 %changelog
+* Sun Jan 26 2008 Stu Tomlinson <stu at nosnilmot.com> 1.0.2-5
+- Patch to fix buffer overflow generating fingerprints (#372021)
+
 * Mon Sep 24 2007 Michael Schwendt <mschwendt at users.sf.net> 1.0.2-4
 - filter out libsilc module SONAME Provides (#245323)
 - add a check section with a test that fails when the modules move


