Red Hat Bugzilla – Bug 985445
p11-kit: cosmetic integer overflows
Last modified: 2017-08-01 12:52:09 EDT
I believe the following issues related to integer overflows are purely cosmetic, but they might trip future static analysis efforts (if we ever get tools to automate this).
common/path.c:p11_path_build() has an overflow in the length computation if some of the input strings alias and are very long.
common/compat.c:strconcat() has an overflow in the length computation if some of the input strings alias and are very long.
common/url.c:p11_url_decode(): Check "value + 2 > end" is technically incorrect, should be "end - value < 2".
common/url.c:p11_url_encode(): should check for overflow in size computation (but this is purely cosmetic).
p11-kit/conf.c:read_config_file() has an overflow in the computation of the malloc length (on 32-bit systems).
common/base64.c:p11_b64_pton() should define tarindex as size_t. Return type would need fixing, too. Or targsize needs to be checked against INT_MAX.
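The two patterns raised in the report above, a wrapping length sum and a `value + 2 > end` bounds check, written out as an added example. This is not p11-kit code; `add_size`, `concat_checked` and `has_two_hex` are hypothetical names chosen for illustration.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Add n to *total; return -1 (total unchanged) if the sum would wrap. */
int add_size(size_t *total, size_t n)
{
    if (n > SIZE_MAX - *total)
        return -1;
    *total += n;
    return 0;
}

/* Hypothetical helper, not p11-kit's strconcat(): NULL on overflow or failed
 * malloc. One long string passed several times (aliasing) can wrap the sum. */
char *concat_checked(const char *const *parts, size_t count)
{
    size_t total = 1; /* room for the terminating NUL */
    for (size_t i = 0; i < count; i++)
        if (add_size(&total, strlen(parts[i])) < 0)
            return NULL;
    char *out = malloc(total), *at = out;
    if (out == NULL)
        return NULL;
    for (size_t i = 0; i < count; i++) {
        size_t len = strlen(parts[i]);
        memcpy(at, parts[i], len);
        at += len;
    }
    *at = '\0';
    return out;
}

/* value points just past a '%' and value <= end. "value + 2 > end" may form
 * a pointer beyond one past the buffer; "end - value < 2" stays inside it. */
int has_two_hex(const char *value, const char *end)
{
    if (end - value < 2)
        return 0;
    return isxdigit((unsigned char)value[0]) && isxdigit((unsigned char)value[1]);
}

int main(void)
{
    const char *parts[] = { "/usr", "/", "lib" }; /* constructed sample input */
    char *joined = concat_checked(parts, 3);
    printf("%s\n", joined ? joined : "(overflow)");
    free(joined);
    return 0;
}
```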
Thanks. Will fix these later in git master.
This needs work in Fedora before updating it in RHEL, bumping to RHEL 7.2
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.
For information on the advisory, and where to find the updated files, follow the link below.
If the solution does not work for you, open a new bug report.