Dominique Leuenberger
97287cf8ed
md4sum (bsc#1256399, CVE-2026-0719, glgo#GNOME/libsoup!493). OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/libsoup2?expand=0&rev=33
51 lines
1.5 KiB
Diff
51 lines
1.5 KiB
Diff
diff --unified --recursive --text --new-file --color libsoup-2.74.3/libsoup/soup-auth-ntlm.c libsoup-2.74.3.new/libsoup/soup-auth-ntlm.c
|
|
--- libsoup-2.74.3/libsoup/soup-auth-ntlm.c 2022-10-12 02:27:22.000000000 +0800
|
|
+++ libsoup-2.74.3.new/libsoup/soup-auth-ntlm.c 2026-01-12 10:26:03.168118541 +0800
|
|
@@ -594,7 +594,7 @@
|
|
}
|
|
|
|
static void md4sum (const unsigned char *in,
|
|
- int nbytes,
|
|
+ size_t nbytes,
|
|
unsigned char digest[16]);
|
|
|
|
typedef guint32 DES_KS[16][2]; /* Single-key DES key schedule */
|
|
@@ -640,7 +640,7 @@
|
|
{
|
|
unsigned char *buf, *p;
|
|
|
|
- p = buf = g_malloc (strlen (password) * 2);
|
|
+ p = buf = g_malloc_n (strlen (password), 2);
|
|
|
|
while (*password) {
|
|
*p++ = *password++;
|
|
@@ -1079,15 +1079,16 @@
|
|
#define ROT(val, n) ( ((val) << (n)) | ((val) >> (32 - (n))) )
|
|
|
|
static void
|
|
-md4sum (const unsigned char *in, int nbytes, unsigned char digest[16])
|
|
+md4sum (const unsigned char *in, size_t nbytes, unsigned char digest[16])
|
|
{
|
|
unsigned char *M;
|
|
guint32 A, B, C, D, AA, BB, CC, DD, X[16];
|
|
- int pbytes, nbits = nbytes * 8, i, j;
|
|
+ size_t pbytes, nbits = nbytes * 8;
|
|
+ int i, j;
|
|
|
|
/* There is *always* padding of at least one bit. */
|
|
pbytes = ((119 - (nbytes % 64)) % 64) + 1;
|
|
- M = alloca (nbytes + pbytes + 8);
|
|
+ M = g_malloc (nbytes + pbytes + 8);
|
|
memcpy (M, in, nbytes);
|
|
memset (M + nbytes, 0, pbytes + 8);
|
|
M[nbytes] = 0x80;
|
|
@@ -1187,6 +1188,8 @@
|
|
digest[13] = (D >> 8) & 0xFF;
|
|
digest[14] = (D >> 16) & 0xFF;
|
|
digest[15] = (D >> 24) & 0xFF;
|
|
+
|
|
+ g_free (M);
|
|
}
|
|
|
|
|