Bug 985445 - p11-kit: cosmetic integer overflows
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: p11-kit
unspecified Severity unspecified
: rc
: 7.1
Assigned To: Daiki Ueno
Hubert Kario
Blocks: 983512
Reported: 2013-07-17 09:47 EDT by Florian Weimer
Modified: 2017-08-01 12:52 EDT
Fixed In Version: p11-kit-0.23.5-1.el7
Last Closed: 2017-08-01 12:52:09 EDT
Type: Bug

Description Florian Weimer 2013-07-17 09:47:13 EDT
I believe the following issues related to integer overflows are purely cosmetic, but they might trip future static analysis efforts (if we ever get tools to automate this).

common/path.c:p11_path_build() has an overflow in the length computation if some of the input strings alias and are very long.

common/compat.c:strconcat() has an overflow in the length computation if some of the input strings alias and are very long.

common/url.c:p11_url_decode(): Check "value + 2 > end" is technically incorrect, should be "end - value < 2".

common/url.c:p11_url_encode(): should check for overflow in size computation (but this is purely cosmetic).

p11-kit/conf.c:read_config_file() has an overflow in the computation of the malloc length (on 32-bit systems).

common/base64.c:p11_b64_pton() should define tarindex as size_t.  Return type would need fixing, too.  Or targsize needs to be checked against INT_MAX.
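
Added example, not part of the bug report and not p11-kit's code: the two checked forms the description asks for, a length sum that refuses to wrap (the strconcat/p11_path_build case) and a percent-decoder that tests `end - value < 2` instead of `value + 2 > end`. The names `checked_total`, `hexval` and `pct_decode` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Sum n string lengths without wrapping, leaving room for a trailing NUL.
 * Returns 0 on success, -1 if the total would exceed SIZE_MAX - 1. */
int checked_total(const size_t *lens, size_t n, size_t *total)
{
    size_t sum = 0;
    for (size_t i = 0; i < n; i++) {
        if (lens[i] > SIZE_MAX - 1 - sum)   /* compare before adding */
            return -1;
        sum += lens[i];
    }
    *total = sum;
    return 0;
}

static int hexval(unsigned char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Percent-decode [value, end) into out (capacity >= end - value).
 * Returns the decoded length, or -1 on a truncated or invalid escape. */
long pct_decode(const char *value, const char *end, unsigned char *out)
{
    long n = 0;
    while (value != end) {
        if (*value != '%') {
            out[n++] = (unsigned char)*value++;
            continue;
        }
        value++;
        /* "value + 2 > end" can form a pointer beyond one-past-the-end,
         * which C leaves undefined; the difference below is always valid. */
        if (end - value < 2)
            return -1;
        int hi = hexval((unsigned char)value[0]);
        int lo = hexval((unsigned char)value[1]);
        if (hi < 0 || lo < 0)
            return -1;
        out[n++] = (unsigned char)(hi << 4 | lo);
        value += 2;
    }
    return n;
}
```
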
Comment 2 Stef Walter 2013-07-17 14:34:28 EDT
Thanks. Will fix these later in git master.
Comment 5 Stef Walter 2014-08-07 03:33:27 EDT
This needs work in Fedora before updating it in RHEL, bumping to RHEL 7.2
Comment 11 errata-xmlrpc 2017-08-01 12:52:09 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

