From 8d060f5dee4fa59196b5d34a9418ccd435bb2a49c282ae56ef54c5fa8650cd11 Mon Sep 17 00:00:00 2001
From: OBS User unknown
Date: Thu, 26 Feb 2009 15:43:32 +0000
Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cryptsetup?expand=0&rev=22
---
 bug-476290_hashalot-hashlen.diff | 34 ++++++++++++++++++++++++++++++++
 cryptsetup.changes | 5 +++++
 cryptsetup.spec | 6 +++++-
 3 files changed, 44 insertions(+), 1 deletion(-)
 create mode 100644 bug-476290_hashalot-hashlen.diff
diff --git a/bug-476290_hashalot-hashlen.diff b/bug-476290_hashalot-hashlen.diff
new file mode 100644
index 0000000..42a8b8d
--- /dev/null
+++ b/bug-476290_hashalot-hashlen.diff
@@ -0,0 +1,34 @@
+diff -up hashalot-0.3/hashalot.c.orig hashalot-0.3/hashalot.c
+--- hashalot-0.3/hashalot.c.orig 2009-02-11 19:31:16.000000000 -0600
++++ hashalot-0.3/hashalot.c 2009-02-11 19:47:46.000000000 -0600
+@@ -34,6 +34,7 @@
+ #include "sha512.h"
+ 
+ #define PASSWDBUFFLEN 130
++#define MAXHASHLEN (ULONG_MAX/2 - 2)
+ 
+ typedef int (*phash_func_t)(char dest[], size_t dest_len, const char src[], size_t src_len);
+ 
+@@ -179,8 +180,7 @@ static void *
+ xmalloc (size_t size) {
+ void *p;
+ 
+- if (size == 0)
+- return NULL;
++ assert(size != 0);
+ 
+ p = malloc(size);
+ if (p == NULL) {
+@@ -239,6 +239,12 @@ main(int argc, char *argv[])
+ show_usage(argv[0]);
+ exit(EXIT_FAILURE);
+ }
++ if (hashlen >= MAXHASHLEN) {
++ fprintf(stderr,
++ "please supply a value smaller than %lu for the -n option\n",
++ MAXHASHLEN);
++ exit(EXIT_FAILURE);
++ }
+ break;
+ case 's':
+ salt = optarg;
diff --git a/cryptsetup.changes b/cryptsetup.changes
index d57a5ff..6e22c5f 100644
--- a/cryptsetup.changes
+++ b/cryptsetup.changes
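Review bot: The `assert(size != 0)` that replaces the `size == 0` NULL return in xmalloc (second hunk of the embedded hashalot patch) is compiled out under NDEBUG, so a release build would call malloc(0), whose result is implementation-defined: NULL takes the `p == NULL` branch, while a non-NULL zero-length block may be handed back to a caller that presumably expects usable storage; in a debug build the same input aborts with a core dump instead of an error message. A check that survives every build keeps the fix intact: `if (size == 0) { fprintf(stderr, "internal error: zero-length allocation\n"); exit(EXIT_FAILURE); }`. The new code also relies on `assert` and `ULONG_MAX`, but the only include visible in the hunk is `"sha512.h"`, so confirm that hashalot.c already pulls in `<assert.h>` and `<limits.h>` or the patch will not compile. The `hashlen >= MAXHASHLEN` guard in main keeps the later size arithmetic from wrapping (the bound suggests something close to twice hashlen plus a small constant, which is not visible here), and `%lu` matches the unsigned long type of `ULONG_MAX/2 - 2`. Both xmalloc's body and the option switch in main continue outside the hunk.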
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Thu Feb 26 15:34:06 CET 2009 - mhopf@suse.de
+
+- Fix segfault with oversized hashes (bnc #476290).
+
 -------------------------------------------------------------------
 Wed Feb 25 13:47:43 CET 2009 - jsmeix@suse.de
diff --git a/cryptsetup.spec b/cryptsetup.spec
index 08b1597..7e61f09 100644
--- a/cryptsetup.spec
+++ b/cryptsetup.spec
@@ -30,7 +30,7 @@ License: BSD 3-Clause; GPL v2 only; GPL v2 or later
 Group: System/Base
 AutoReqProv: on
 Version: 1.0.5_SVNr46
-Release: 59
+Release: 60
 Summary: Set Up dm-crypt Based Encrypted Block Devices
 Source: cryptsetup-%{version}.tar.bz2
 Source1: hashalot-%haver.tar.bz2
@@ -46,6 +46,7 @@ Patch11: hashalot-libgcrypt.diff
 Patch12: hashalot-ctrl-d.diff
 Patch13: hashalot-timeout.diff
 Patch14: hashalot-manpage.diff
+Patch15: bug-476290_hashalot-hashlen.diff
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 Provides: aaa_base:/etc/init.d/boot.crypto
 Obsoletes: util-linux-crypto <= 2.12r
@@ -122,6 +123,7 @@ pushd ../hashalot-%haver
 %patch12 -p1
 %patch13 -p1
 %patch14 -p1
+%patch15 -p1
 popd
 %build
@@ -225,6 +227,8 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/libcryptsetup.so
 %changelog
+* Thu Feb 26 2009 mhopf@suse.de
+- Fix segfault with oversized hashes (bnc #476290).
 * Wed Feb 25 2009 jsmeix@suse.de
 - Fixed initrd LUKS password annoyance in mkinitrd-boot.sh and mkinitrd-setup.sh when the same password is used for all