forked from pool/util-linux
56 lines
1.7 KiB
Diff
56 lines
1.7 KiB
Diff
From 0e7b44f7f89291d8ae75e4f099d8aa2bcca1cfc5 Mon Sep 17 00:00:00 2001
|
|
From: Ludwig Nussel <ludwig.nussel@suse.de>
|
|
Date: Tue, 9 Oct 2007 14:34:15 +0200
|
|
Subject: [PATCH] fix buffer overflow
|
|
|
|
Signed-off-by: Ludwig Nussel <ludwig.nussel@suse.de>
|
|
---
|
|
mount/lomount.c | 13 +++++++++----
|
|
1 files changed, 9 insertions(+), 4 deletions(-)
|
|
|
|
Index: util-linux-ng-2.13rc2+git20070725/mount/lomount.c
|
|
===================================================================
|
|
--- util-linux-ng-2.13rc2+git20070725.orig/mount/lomount.c
|
|
+++ util-linux-ng-2.13rc2+git20070725/mount/lomount.c
|
|
@@ -25,8 +25,8 @@
|
|
#include "xstrncpy.h"
|
|
#include "nls.h"
|
|
|
|
-#ifndef MAX
|
|
-#define MAX(a,b) ((a>b)?(a):(b))
|
|
+#ifndef MIN
|
|
+#define MIN(a,b) ((a<b)?(a):(b))
|
|
#endif
|
|
|
|
extern int verbose;
|
|
@@ -291,7 +291,7 @@ digits_only(const char *s) {
|
|
|
|
static void phash_none(const unsigned char *key, size_t keylen, unsigned char* buf, size_t buflen)
|
|
{
|
|
- memcpy(buf, key, MAX(buflen, keylen));
|
|
+ memcpy(buf, key, MIN(buflen, keylen));
|
|
}
|
|
|
|
static void phash_rmd160(const unsigned char *key, size_t keylen, unsigned char* buf, size_t buflen)
|
|
@@ -304,7 +304,7 @@ static void phash_rmd160(const unsigned
|
|
rmd160_hash_buffer(tmpbuf + RMD160_HASH_SIZE, tmp, keylen+1);
|
|
memset(tmp, 0, keylen+1);
|
|
free(tmp);
|
|
- memcpy(buf, tmpbuf, MAX(buflen, sizeof(tmpbuf)));
|
|
+ memcpy(buf, tmpbuf, MIN(buflen, sizeof(tmpbuf)));
|
|
}
|
|
|
|
int
|
|
@@ -421,6 +421,11 @@ set_loop(const char *device, const char
|
|
loopinfo64.lo_encrypt_key_size = keysz>>3;
|
|
}
|
|
|
|
+ if((unsigned)loopinfo64.lo_encrypt_key_size > sizeof(loopinfo64.lo_encrypt_key)) {
|
|
+ fprintf(stderr, _("invalid key length\n"));
|
|
+ return 1;
|
|
+ }
|
|
+
|
|
if (phash) {
|
|
if(!strcasecmp(phash, "sha512")) {
|
|
hfunc = sha512_hash_buffer;
|