Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: GnuPG: devel

[libksba] asn1-func.c: array index out of range

  

 
GnuPG devel RSS feed   Index | Next | Previous | View Threaded


petr.uzel at suse

Jun 24, 2009, 9:26 AM

Post #1 of 2 (530 views)
Permalink
[libksba] asn1-func.c: array index out of range
Hi,

as David Binderman (CC:) pointed out in [1], there's a 'array index
out of range' bug in current libksba. Patch follows ;)

[1] https://bugzilla.novell.com/show_bug.cgi?id=515038


Index: src/asn1-func.c
===================================================================
--- src/asn1-func.c (revision 306)
+++ src/asn1-func.c (working copy)
@@ -171,7 +171,7 @@
break;
case VALTYPE_BOOL:
len = 1;
- helpbuf[1] = s->value.v_bool;
+ helpbuf[0] = s->value.v_bool;
buf = helpbuf;
break;
case VALTYPE_CSTR:



--
Best regards / s pozdravem

Petr Uzel, Packages maintainer
---------------------------------------------------------------------
SUSE LINUX, s.r.o. e-mail: puzel [at] suse
Lihovarská 1060/12 http://www.suse.cz
190 00 Prague 9
Czech Republic

_______________________________________________
Gnupg-devel mailing list
Gnupg-devel [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-devel


wk at gnupg

Jun 28, 2009, 11:32 PM

Post #2 of 2 (487 views)
Permalink
Re: [libksba] asn1-func.c: array index out of range [In reply to]
On Wed, 24 Jun 2009 18:26, petr.uzel [at] suse said:

> as David Binderman (CC:) pointed out in [1], there's a 'array index
> out of range' bug in current libksba. Patch follows ;)

Thanks for reporting. This is a really old code part:

* asn1-func.c (copy_value): Fix out-of-bounds assignment of a
boolean to HELPBUF. Due to alignment rules this was not
exploitable and we did not even used this code path. Reported by
David Binderman.

Fixed in SVN r306.


Salam-Shalom,

Werner


--
Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.


_______________________________________________
Gnupg-devel mailing list
Gnupg-devel [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-devel

GnuPG devel RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.