DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Security

OpenBSD Security Functionally paranoid!

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 23rd April 2012
jsmith6134 jsmith6134 is offline
Port Guard
 
Join Date: May 2009
Posts: 10
Thanked 0 Times in 0 Posts
Default patch for CVE-2012-2110 - incorrect?

I was examining the patch for security fix for 5.0:

http://ftp.openbsd.org/pub/OpenBSD/p...ibcrypto.patch

part of the patch looks incorrect:

- if (!BUF_MEM_grow_clean(b,len+want))
+ if (len + want < len || !BUF_MEM_grow_clean(b,len+want))

"len + want < len" should always be false unless "want" can be negative. If "want" could be negative and that is what the author was trying to detect, then the code should be written:

+ if (want < 0 || !BUF_MEM_grow_clean(b,len+want))

I realize the patch does not show the full source for the file. Am I missing something?
Reply With Quote
  #2   (View Single Post)  
Old 23rd April 2012
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 2,833
Thanked 190 Times in 160 Posts
Default

Quote:
Originally Posted by jsmith6134 View Post
"len + want < len" should always be false unless "want" can be negative. If "want" could be negative and that is what the author was trying to detect, then the code should be written:

+ if (want < 0 || !BUF_MEM_grow_clean(b,len+want))

I realize the patch does not show the full source for the file. Am I missing something?
Fuller context can be gained by looking at the entire file:

http://www.openbsd.org/cgi-bin/cvswe...otate=1.5.16.1

Having spent only a few minutes looking through the file, it appears that there are overflow conditions the author wants to track as part of error handling. As for whether the expression len + want < len can be simplified, you should contact the author. Alternatively, you could install -current, modify the code, test, & then post the diff on tech@ for comments.
Reply With Quote
  #3   (View Single Post)  
Old 23rd April 2012
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 3,431
Thanked 214 Times in 189 Posts
Default

Quote:
I realize the patch does not show the full source for the file. Am I missing something?
  1. In order to apply the patch, you'll need that source.
  2. Few developers are active on this forum; and only a small subset of the developers work on crypto components.
  3. In my opinion, you might get better results by discussing your concern either on the misc@ mailing list; or perhaps contacting the patch author directly -- Damien Miller (djm@).
----
Ocicat jumped in while I was typing. He may be right that tech@ is more appropriate, as yours is a code-specific question. But I wouldn't post there, myself, unless I was including a patch along with my post. Of these two mailing lists, misc@ seems more applicable for questions, tech@ for patches for testing and analysis.


Personally, I would probably just contact Damien directly if this were my question.

Last edited by jggimi; 23rd April 2012 at 12:20 PM. Reason: misc@ vs. tech@
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Videos of Open Source Forum talks from CeBIT 2012 J65nko News 0 23rd March 2012 01:44 AM
Fosdem 2012 (4-5 February) Brussels -Belgium J65nko News 0 22nd January 2012 08:51 PM
Patch question Mr-Biscuit Off-Topic 6 4th May 2010 07:47 PM
Patch for libXemu-1.0.3,1 mjj FreeBSD Installation and Upgrading 1 3rd January 2010 09:47 PM
Incorrect df results (not -h, not a FAQ) nathang FreeBSD General 5 8th June 2008 06:44 AM


All times are GMT. The time now is 09:28 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick