OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cryptsetup?expand=0&rev=22

2009-02-26 15:43:32 +00:00 · 2009-02-26 15:43:32 +00:00 · 8d060f5dee
commit 8d060f5dee
parent fe32be5374
3 changed files with 44 additions and 1 deletions
--- a/bug-476290_hashalot-hashlen.diff
+++ b/bug-476290_hashalot-hashlen.diff
@ -0,0 +1,34 @@
+diff -up hashalot-0.3/hashalot.c.orig hashalot-0.3/hashalot.c
+--- hashalot-0.3/hashalot.c.orig	2009-02-11 19:31:16.000000000 -0600
+++ hashalot-0.3/hashalot.c	2009-02-11 19:47:46.000000000 -0600
+@@ -34,6 +34,7 @@
+ #include "sha512.h"
+ 
+ #define PASSWDBUFFLEN 130
+#define MAXHASHLEN (ULONG_MAX/2 - 2)
+ 
+ typedef int (*phash_func_t)(char dest[], size_t dest_len, const char src[], size_t src_len);
+ 
+@@ -179,8 +180,7 @@ static void *
+ xmalloc (size_t size) {
+         void *p;
+ 
+-        if (size == 0)
+-                return NULL;
+        assert(size != 0);
+ 
+         p = malloc(size);
+         if (p == NULL) {
+@@ -239,6 +239,12 @@ main(int argc, char *argv[])
+ 				show_usage(argv[0]);
+ 				exit(EXIT_FAILURE);
+ 			}
+			if (hashlen >= MAXHASHLEN) {
+				fprintf(stderr, 
+					"please supply a value smaller than %lu for the -n option\n",
+					MAXHASHLEN);
+				exit(EXIT_FAILURE);
+			}
+ 			break;
+                 case 's':
+                         salt = optarg;
--- a/cryptsetup.changes
+++ b/cryptsetup.changes
@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Thu Feb 26 15:34:06 CET 2009 - mhopf@suse.de
+
+- Fix segfault with oversized hashes (bnc #476290).
+
 -------------------------------------------------------------------
 Wed Feb 25 13:47:43 CET 2009 - jsmeix@suse.de

--- a/cryptsetup.spec
+++ b/cryptsetup.spec
@ -30,7 +30,7 @@ License:        BSD 3-Clause; GPL v2 only; GPL v2 or later
 Group:          System/Base
 AutoReqProv:    on
 Version:        1.0.5_SVNr46
-Release:        59
+Release:        60
 Summary:        Set Up dm-crypt Based Encrypted Block Devices
 Source:         cryptsetup-%{version}.tar.bz2
 Source1:        hashalot-%haver.tar.bz2
@ -46,6 +46,7 @@ Patch11:        hashalot-libgcrypt.diff
 Patch12:        hashalot-ctrl-d.diff
 Patch13:        hashalot-timeout.diff
 Patch14:        hashalot-manpage.diff
+Patch15:        bug-476290_hashalot-hashlen.diff
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 Provides:       aaa_base:/etc/init.d/boot.crypto
 Obsoletes:      util-linux-crypto <= 2.12r
@ -122,6 +123,7 @@ pushd ../hashalot-%haver
 %patch12 -p1
 %patch13 -p1
 %patch14 -p1
+%patch15 -p1
 popd

 %build
@ -225,6 +227,8 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/libcryptsetup.so

 %changelog
+* Thu Feb 26 2009 mhopf@suse.de
+- Fix segfault with oversized hashes (bnc #476290).
 * Wed Feb 25 2009 jsmeix@suse.de
 - Fixed initrd LUKS password annoyance in mkinitrd-boot.sh and
  mkinitrd-setup.sh when the same password is used for all