Attachment 644666 Details for Bug 871614 – CVE-2012-4560-Fix-a-possible-infinite-loop-in-buffer.patch

[patch] CVE-2012-4560-Fix-a-possible-infinite-loop-in-buffer.patch

0003-CVE-2012-4560-Fix-a-possible-infinite-loop-in-buffer.patch (text/plain), 1.22 KB, created by Andreas Schneider on 2012-11-14 08:52:00 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Andreas Schneider

Created: 2012-11-14 08:52:00 UTC

Size: 1.22 KB

patch

obsolete

>From 83c41ddb6f81410caba19fde8474b3e2397f45b0 Mon Sep 17 00:00:00 2001
>From: Andreas Schneider <asn@cryptomilk.org>
>Date: Fri, 12 Oct 2012 11:35:20 +0200
>Subject: [PATCH 03/11] CVE-2012-4560: Fix a possible infinite loop in
> buffer_reinit().
>
>If needed is bigger than the highest power of two or a which fits in an
>integer we will loop forever.
>
>Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
>---
> src/buffer.c | 13 +++++++++----
> 1 file changed, 9 insertions(+), 4 deletions(-)
>
>diff --git a/src/buffer.c b/src/buffer.c
>index 3ffe6de..aef7e44 100644
>--- a/src/buffer.c
>+++ b/src/buffer.c
>@@ -111,13 +111,18 @@ void ssh_buffer_free(struct ssh_buffer_struct *buffer) {
>   SAFE_FREE(buffer);
> }
> 
>-static int realloc_buffer(struct ssh_buffer_struct *buffer, int needed) {
>-  int smallest = 1;
>-  char *new = NULL;
>+static int realloc_buffer(struct ssh_buffer_struct *buffer, size_t needed) {
>+  size_t smallest = 1;
>+  char *new;
>+
>   buffer_verify(buffer);
>+
>   /* Find the smallest power of two which is greater or equal to needed */
>   while(smallest <= needed) {
>-    smallest <<= 1;
>+      if (smallest == 0) {
>+          return -1;
>+      }
>+      smallest <<= 1;
>   }
>   needed = smallest;
>   new = realloc(buffer->data, needed);
>-- 
>1.8.0
>

Actions: View | Diff

Attachments on bug 871614: 644664 | 644665 | 644666 | 644667 | 644668 | 644669 | 644988 | 644990