tech-pkg archive


bug fix for netpgpverify and libnetpgpverify



Does anyone have any objections to the following bug fix
(it's the same bug) being applied to both libnetpgpverify and
netpgpverify during the freeze?

I've seen other software using this code go into a loop, so it would be
nice to get it fixed.  I'm not asinine enough to call this a security
fix, but it is crypto software, and the bug manifests when converting
to a BIGNUM using BN_hex2bn() and BN_dec2bn(). (These are the local
implementations, not the OpenSSL libcrypto ones.)

Thanks,
Alistair
? netpgpverify/work
Index: libnetpgpverify/files/src/libbn/bignum.c
===================================================================
RCS file: /cvsroot/pkgsrc/security/libnetpgpverify/files/src/libbn/bignum.c,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 bignum.c
--- libnetpgpverify/files/src/libbn/bignum.c    23 Feb 2013 21:04:26 -0000      
1.1.1.1
+++ libnetpgpverify/files/src/libbn/bignum.c    20 Dec 2013 02:06:24 -0000
@@ -5155,7 +5155,7 @@
        if (mp_getradix_num(*a, radix, __UNCONST(str)) != MP_OKAY) {
                return 0;
        }
-       mp_radix_size(__UNCONST(a), radix, &len);
+       mp_radix_size(__UNCONST(*a), radix, &len);
        return len - 1;
 }
 
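Review bot: The `__UNCONST()` wrapper kept on the corrected `mp_radix_size()` call is what let the original pointer-level mistake (`a` instead of `*a`) compile without a diagnostic, and it still switches off type checking on that argument. The line above passes `*a` to `mp_getradix_num()` with no cast, so the plain form `mp_radix_size(*a, radix, &len);` should presumably be accepted and would let the compiler catch this class of error in future. Separately, the result of `mp_radix_size()` is discarded, so `len - 1` is returned even if the size computation fails; assuming it reports a status the way `mp_getradix_num()` does, `if (mp_radix_size(*a, radix, &len) != MP_OKAY) { return 0; }` would keep an unset `len` from reaching callers that parse key or signature material. The declaration of `len` and the start of the function are outside the hunk, so whether `len` is initialised cannot be confirmed from here. The same two points apply to the identical hunk in netpgpverify/files/bignum.c.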
Index: libnetpgpverify/files/src/libverify/verify.h
===================================================================
RCS file: 
/cvsroot/pkgsrc/security/libnetpgpverify/files/src/libverify/verify.h,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 verify.h
--- libnetpgpverify/files/src/libverify/verify.h        23 Feb 2013 21:04:27 
-0000      1.1.1.1
+++ libnetpgpverify/files/src/libverify/verify.h        20 Dec 2013 02:06:24 
-0000
@@ -1,5 +1,5 @@
 /*-
- * Copyright (c) 2012 Alistair Crooks <agc%NetBSD.org@localhost>
+ * Copyright (c) 2012,2013 Alistair Crooks <agc%NetBSD.org@localhost>
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -23,7 +23,7 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #ifndef NETPGP_VERIFY_H_
-#define NETPGP_VERIFY_H_       20120928
+#define NETPGP_VERIFY_H_       20131219
 
 #include <sys/types.h>
 
Index: netpgpverify/Makefile
===================================================================
RCS file: /cvsroot/pkgsrc/security/netpgpverify/Makefile,v
retrieving revision 1.3
diff -u -r1.3 Makefile
--- netpgpverify/Makefile       26 Apr 2013 23:24:55 -0000      1.3
+++ netpgpverify/Makefile       20 Dec 2013 02:06:24 -0000
@@ -1,6 +1,6 @@
 # $NetBSD: Makefile,v 1.3 2013/04/26 23:24:55 agc Exp $
 
-DISTNAME=              netpgpverify-20130426
+DISTNAME=              netpgpverify-20131219
 CATEGORIES=            security
 MASTER_SITES=          # empty
 DISTFILES=             # empty
Index: netpgpverify/files/bignum.c
===================================================================
RCS file: /cvsroot/pkgsrc/security/netpgpverify/files/bignum.c,v
retrieving revision 1.1
diff -u -r1.1 bignum.c
--- netpgpverify/files/bignum.c 16 Mar 2013 07:32:34 -0000      1.1
+++ netpgpverify/files/bignum.c 20 Dec 2013 02:06:24 -0000
@@ -5157,7 +5157,7 @@
        if (mp_getradix_num(*a, radix, __UNCONST(str)) != MP_OKAY) {
                return 0;
        }
-       mp_radix_size(__UNCONST(a), radix, &len);
+       mp_radix_size(__UNCONST(*a), radix, &len);
        return len - 1;
 }
 
Index: netpgpverify/files/verify.h
===================================================================
RCS file: /cvsroot/pkgsrc/security/netpgpverify/files/verify.h,v
retrieving revision 1.2
diff -u -r1.2 verify.h
--- netpgpverify/files/verify.h 26 Apr 2013 23:24:56 -0000      1.2
+++ netpgpverify/files/verify.h 20 Dec 2013 02:06:24 -0000
@@ -23,9 +23,9 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #ifndef NETPGP_VERIFY_H_
-#define NETPGP_VERIFY_H_       20130426
+#define NETPGP_VERIFY_H_       20131219
 
-#define NETPGPVERIFY_VERSION   "netpgpverify portable 20130426"
+#define NETPGPVERIFY_VERSION   "netpgpverify portable 20131219"
 
 #include <sys/types.h>
 

