util-linux/util-linux-ng-fix-buffer-overflow.diff

56 lines
1.7 KiB
Diff

From 0e7b44f7f89291d8ae75e4f099d8aa2bcca1cfc5 Mon Sep 17 00:00:00 2001
From: Ludwig Nussel <ludwig.nussel@suse.de>
Date: Tue, 9 Oct 2007 14:34:15 +0200
Subject: [PATCH] fix buffer overflow
Signed-off-by: Ludwig Nussel <ludwig.nussel@suse.de>
---
mount/lomount.c | 13 +++++++++----
1 files changed, 9 insertions(+), 4 deletions(-)
Index: util-linux-ng-2.13rc2+git20070725/mount/lomount.c
===================================================================
--- util-linux-ng-2.13rc2+git20070725.orig/mount/lomount.c
+++ util-linux-ng-2.13rc2+git20070725/mount/lomount.c
@@ -25,8 +25,8 @@
#include "xstrncpy.h"
#include "nls.h"
-#ifndef MAX
-#define MAX(a,b) ((a>b)?(a):(b))
+#ifndef MIN
+#define MIN(a,b) ((a<b)?(a):(b))
#endif
extern int verbose;
@@ -291,7 +291,7 @@ digits_only(const char *s) {
static void phash_none(const unsigned char *key, size_t keylen, unsigned char* buf, size_t buflen)
{
- memcpy(buf, key, MAX(buflen, keylen));
+ memcpy(buf, key, MIN(buflen, keylen));
}
static void phash_rmd160(const unsigned char *key, size_t keylen, unsigned char* buf, size_t buflen)
@@ -304,7 +304,7 @@ static void phash_rmd160(const unsigned
rmd160_hash_buffer(tmpbuf + RMD160_HASH_SIZE, tmp, keylen+1);
memset(tmp, 0, keylen+1);
free(tmp);
- memcpy(buf, tmpbuf, MAX(buflen, sizeof(tmpbuf)));
+ memcpy(buf, tmpbuf, MIN(buflen, sizeof(tmpbuf)));
}
int
@@ -421,6 +421,11 @@ set_loop(const char *device, const char
loopinfo64.lo_encrypt_key_size = keysz>>3;
}
+ if((unsigned)loopinfo64.lo_encrypt_key_size > sizeof(loopinfo64.lo_encrypt_key)) {
+ fprintf(stderr, _("invalid key length\n"));
+ return 1;
+ }
+
if (phash) {
if(!strcasecmp(phash, "sha512")) {
hfunc = sha512_hash_buffer;