|
OpenBSD Security Functionally paranoid! |
|
Thread Tools | Display Modes |
|
|||
patch for CVE-2012-2110 - incorrect?
I was examining the patch for security fix for 5.0:
http://ftp.openbsd.org/pub/OpenBSD/p...ibcrypto.patch part of the patch looks incorrect: - if (!BUF_MEM_grow_clean(b,len+want)) + if (len + want < len || !BUF_MEM_grow_clean(b,len+want)) "len + want < len" should always be false unless "want" can be negative. If "want" could be negative and that is what the author was trying to detect, then the code should be written: + if (want < 0 || !BUF_MEM_grow_clean(b,len+want)) I realize the patch does not show the full source for the file. Am I missing something? |
|
|||
Quote:
http://www.openbsd.org/cgi-bin/cvswe...otate=1.5.16.1 Having spent only a few minutes looking through the file, it appears that there are overflow conditions the author wants to track as part of error handling. As for whether the expression len + want < len can be simplified, you should contact the author. Alternatively, you could install -current, modify the code, test, & then post the diff on tech@ for comments. |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Videos of Open Source Forum talks from CeBIT 2012 | J65nko | News | 0 | 23rd March 2012 01:44 AM |
Fosdem 2012 (4-5 February) Brussels -Belgium | J65nko | News | 0 | 22nd January 2012 08:51 PM |
Patch question | Mr-Biscuit | Off-Topic | 6 | 4th May 2010 07:47 PM |
Patch for libXemu-1.0.3,1 | mjj | FreeBSD Installation and Upgrading | 1 | 3rd January 2010 09:47 PM |
Incorrect df results (not -h, not a FAQ) | nathang | FreeBSD General | 5 | 8th June 2008 06:44 AM |