rpms/libsilc/F-8 silc-toolkit-1.0.2-fingerprint.patch, NONE, 1.1 libsilc.spec, 1.16, 1.17
Stu Tomlinson (nosnilmot)
fedora-extras-commits at redhat.com
Sat Jan 26 15:20:51 UTC 2008
- Previous message (by thread): rpms/serenity/devel dead.package, NONE, 1.1 sources, 1.2, 1.3 .cvsignore, 1.2, 1.3 serenity.spec, 1.1, NONE
- Next message (by thread): rpms/libsilc/F-7 libsilc-filter-provides.sh, NONE, 1.1 silc-toolkit-1.0.2-fingerprint.patch, NONE, 1.1 libsilc.spec, 1.13, 1.14
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: nosnilmot
Update of /cvs/pkgs/rpms/libsilc/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12131
Modified Files:
libsilc.spec
Added Files:
silc-toolkit-1.0.2-fingerprint.patch
Log Message:
- Patch to fix buffer overflow generating fingerprints (#372021)
silc-toolkit-1.0.2-fingerprint.patch:
--- NEW FILE silc-toolkit-1.0.2-fingerprint.patch ---
Index: silc/lib/silcutil/silcutil.c
diff -u silc/lib/silcutil/silcutil.c:1.78 silc/lib/silcutil/silcutil.c:1.78.2.1
--- silc/lib/silcutil/silcutil.c:1.78 Tue Jan 2 21:33:03 2007
+++ silc/lib/silcutil/silcutil.c Tue Jan 8 08:48:42 2008
@@ -467,28 +467,41 @@
char *silc_fingerprint(const unsigned char *data, SilcUInt32 data_len)
{
- char fingerprint[64], *cp;
- int i;
-
- memset(fingerprint, 0, sizeof(fingerprint));
- cp = fingerprint;
+ unsigned char *fingerprint, *cp;
+ unsigned int len, blocks, i;
+
+ if (!data || !data_len)
+ return NULL;
+
+ if (data_len >= 256)
+ data_len = 255;
+
+ /* Align and calculate total length */
+ len = ((data_len + 19) / 20) * 20;
+ blocks = (len / 10);
+ len = (len * 2) + ((blocks - 1) * 2) + (4 * blocks) + 2 + 1;
+
+ cp = fingerprint = silc_calloc(len, sizeof(*fingerprint));
+ if (!cp)
+ return NULL;
+
for (i = 0; i < data_len; i++) {
- snprintf(cp, sizeof(fingerprint), "%02X", data[i]);
+ snprintf(cp, len, "%02X", data[i]);
cp += 2;
+ len -= 2;
if ((i + 1) % 2 == 0)
- snprintf(cp++, sizeof(fingerprint), " ");
-
+ snprintf(cp++, len--, " ");
if ((i + 1) % 10 == 0)
- snprintf(cp++, sizeof(fingerprint), " ");
+ snprintf(cp++, len--, " ");
}
i--;
- if ((i + 1) % 2 == 0)
- cp[-2] = 0;
if ((i + 1) % 10 == 0)
- cp[-1] = 0;
+ *(--cp) = '\0';
+ if ((i + 1) % 2 == 0)
+ *(--cp) = '\0';
- return strdup(fingerprint);
+ return fingerprint;
}
/* Return TRUE if the `data' is ASCII string. */
Index: libsilc.spec
===================================================================
RCS file: /cvs/pkgs/rpms/libsilc/F-8/libsilc.spec,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- libsilc.spec 26 Sep 2007 18:14:13 -0000 1.16
+++ libsilc.spec 26 Jan 2008 15:20:13 -0000 1.17
@@ -1,7 +1,7 @@
Summary: SILC Client Library
Name: libsilc
Version: 1.0.2
-Release: 4%{?dist}
+Release: 5%{?dist}
License: GPLv2 or BSD
Group: System Environment/Libraries
URL: http://www.silcnet.org/
@@ -11,6 +11,7 @@
%define __find_provides %{SOURCE1}
Patch0: silc-toolkit-1.0.2-libs.patch
Patch1: silc-toolkit-1.0.2-wordsize.patch
+Patch2: silc-toolkit-1.0.2-fingerprint.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot
Epoch: 0
# doc subpackage was removed because they are too big and not useful
@@ -31,6 +32,7 @@
%setup -q -n silc-toolkit-%{version}
%patch0 -p1
%patch1 -p1
+%patch2 -p1
%build
%configure --libdir=%{_libdir} --enable-shared \
@@ -96,6 +98,9 @@
%{_includedir}/silc/*.h
%changelog
+* Sun Jan 26 2008 Stu Tomlinson <stu at nosnilmot.com> 1.0.2-5
+- Patch to fix buffer overflow generating fingerprints (#372021)
+
* Mon Sep 24 2007 Michael Schwendt <mschwendt at users.sf.net> 1.0.2-4
- filter out libsilc module SONAME Provides (#245323)
- add a check section with a test that fails when the modules move
- Previous message (by thread): rpms/serenity/devel dead.package, NONE, 1.1 sources, 1.2, 1.3 .cvsignore, 1.2, 1.3 serenity.spec, 1.1, NONE
- Next message (by thread): rpms/libsilc/F-7 libsilc-filter-provides.sh, NONE, 1.1 silc-toolkit-1.0.2-fingerprint.patch, NONE, 1.1 libsilc.spec, 1.13, 1.14
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list