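--- a/checkin_notes
+++ b/checkin_notes
@@ -1,3 +1,13 @@
+David Jan 12 2009
+ - lib: check return values of RSA_*() functions.
+ Also fix a memory leak, missing RSA_free().
+ Fixes #823.
+
+ lib/
+ crypt.cpp
+ error_numbers.h
+ str_util.cpp
+
 David Jan 1 2008
 - fixed bug in upgrade
 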
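--- a/lib/crypt.C
+++ b/lib/crypt.C
@@ -210,7 +210,7 @@
 // The output block must be decrypted in its entirety.
 //
 int encrypt_private(R_RSA_PRIVATE_KEY& key, DATA_BLOCK& in, DATA_BLOCK& out) {
- int n, modulus_len;
+ int n, modulus_len, retval;
 
 modulus_len = (key.bits+7)/8;
 n = in.len;
@@ -219,17 +219,27 @@
 }
 RSA* rp = RSA_new();
 private_to_openssl(key, rp);
- RSA_private_encrypt(n, in.data, out.data, rp, RSA_PKCS1_PADDING);
+ retval = RSA_private_encrypt(n, in.data, out.data, rp, RSA_PKCS1_PADDING);
+ if (retval < 0) {
+ RSA_free(rp);
+ return ERR_CRYPTO;
+ }
 out.len = RSA_size(rp);
 RSA_free(rp);
 return 0;
 }
 
 int decrypt_public(R_RSA_PUBLIC_KEY& key, DATA_BLOCK& in, DATA_BLOCK& out) {
+ int retval;
 RSA* rp = RSA_new();
 public_to_openssl(key, rp);
- RSA_public_decrypt(in.len, in.data, out.data, rp, RSA_PKCS1_PADDING);
+ retval = RSA_public_decrypt(in.len, in.data, out.data, rp, RSA_PKCS1_PADDING);
+ if (retval < 0) {
+ RSA_free(rp);
+ return ERR_CRYPTO;
+ }
 out.len = RSA_size(rp);
+ RSA_free(rp);
 return 0;
 }
 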
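Review bot: In decrypt_public the new `retval` is only tested for failure and then discarded, while `out.len = RSA_size(rp);` still reports the modulus size rather than the number of bytes RSA_public_decrypt actually recovered. With RSA_PKCS1_PADDING the recovered data is shorter than the modulus, so a caller that trusts `out.len` would read past the decrypted bytes into whatever `out.data` held before; consider `out.len = retval;` on the success path, after confirming that callers (not visible here) do not depend on the old length. Separately, `RSA_new()` can return NULL and both functions pass `rp` straight to `private_to_openssl`/`public_to_openssl`; a guard such as `if (!rp) return ERR_CRYPTO;` would complete the error handling. The lines of encrypt_private between the two hunks are not shown, so the bound applied to `n` before the RSA call could not be checked.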
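--- a/lib/error_numbers.h
+++ b/lib/error_numbers.h
@@ -187,6 +187,7 @@
 #define ERR_CHILD_FAILED -228
 #define ERR_SYMLINK -229
 #define ERR_DB_CONN_LOST -230
+#define ERR_CRYPTO -231
 
 // PLEASE: add a text description of your error to
 // the text description function boincerror() in str_util.C.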
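--- a/lib/str_util.C
+++ b/lib/str_util.C
@@ -735,6 +735,7 @@
 case ERR_BAD_FILENAME: return "file name is empty or has '..'";
 case ERR_TOO_MANY_EXITS: return "application exited too many times";
 case ERR_RMDIR: return "rmdir() failed";
+ case ERR_CRYPTO: return "encryption error";
 case 404: return "HTTP file not found";
 case 407: return "HTTP proxy authentication failure";
 case 416: return "HTTP range request error";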
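Review bot: The text `"encryption error"` is narrower than what ERR_CRYPTO covers, since the same patch makes decrypt_public return ERR_CRYPTO when RSA_public_decrypt fails. A failed decryption, which is presumably the signature-checking path, would then be logged as an encryption problem and could mislead whoever triages the log. A neutral string such as `case ERR_CRYPTO: return "cryptographic operation failed";` would describe both cases. The enclosing switch starts and ends outside the hunk.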