]>
Commit | Line | Data |
---|---|---|
8df5f405 FG |
1 | From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 |
2 | From: Jan Friesse <jfriesse@redhat.com> | |
3 | Date: Mon, 19 Mar 2018 16:59:41 +0100 | |
4 | Subject: [PATCH] totemcrypto: Check length of the packet | |
5 | MIME-Version: 1.0 | |
6 | Content-Type: text/plain; charset=UTF-8 | |
7 | Content-Transfer-Encoding: 8bit | |
8 | ||
9 | Packet has to be longer than crypto_config_header and hash_len, | |
10 | otherwise unallocated memory is passed into calculate_nss_hash function, | |
11 | what may result in crash. | |
12 | ||
13 | Signed-off-by: Jan Friesse <jfriesse@redhat.com> | |
14 | Reviewed-by: Raphael Sanchez Prudencio <rasanche@redhat.com> | |
15 | Reviewed-by: Christine Caulfield <ccaulfie@redhat.com> | |
16 | (cherry picked from commit fc1d5418533c1faf21616b282c2559bed7d361c4) | |
17 | Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> | |
18 | --- | |
e77cc04e FG |
19 | exec/totemcrypto.c | 6 ++++++ |
20 | 1 file changed, 6 insertions(+) | |
8df5f405 FG |
21 | |
22 | diff --git a/exec/totemcrypto.c b/exec/totemcrypto.c | |
e77cc04e | 23 | index 9f8f083c..d8d0fcae 100644 |
8df5f405 FG |
24 | --- a/exec/totemcrypto.c |
25 | +++ b/exec/totemcrypto.c | |
e77cc04e FG |
26 | @@ -864,6 +864,12 @@ int crypto_authenticate_and_decrypt (struct crypto_instance *instance, |
27 | return (-1); | |
28 | } | |
8df5f405 FG |
29 | |
30 | + if (*buf_len <= sizeof(struct crypto_config_header)) { | |
31 | + log_printf(instance->log_level_security, "Received message is too short... ignoring"); | |
32 | + | |
33 | + return (-1); | |
34 | + } | |
35 | + | |
36 | if (cch->crypto_cipher_type != CRYPTO_CIPHER_TYPE_2_3) { | |
e77cc04e FG |
37 | guessed_str = NULL; |
38 |