author | joerg <joerg@pkgsrc.org> | 2013-03-02 17:57:53 +0000 |
---|---|---|
committer | joerg <joerg@pkgsrc.org> | 2013-03-02 17:57:53 +0000 |
commit | 2d42a73bcaefcd9d4fc05c6c7d349c4895c20cce (patch) | |
tree | 6f980e5dc3fed0867f3cdec4abdaded1b7bb07f1 /security | |
parent | f269a6fe62144240361fd5b5fc7925f3b1d5028f (diff) | |
download | pkgsrc-2d42a73bcaefcd9d4fc05c6c7d349c4895c20cce.tar.gz |
Flatten a variable-size union to an alloca'd buffer.
Diffstat (limited to 'security')
-rw-r--r-- | security/seccure/distinfo | 3 | ||||
-rw-r--r-- | security/seccure/patches/patch-seccure.c | 78 |
2 files changed, 80 insertions, 1 deletions
diff --git a/security/seccure/distinfo b/security/seccure/distinfo
index 53922f95e21..df82959785b 100644
--- a/security/seccure/distinfo
+++ b/security/seccure/distinfo
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.2 2010/01/31 23:24:24 joerg Exp $
+$NetBSD: distinfo,v 1.3 2013/03/02 17:57:53 joerg Exp $
 SHA1 (seccure-0.4.tar.gz) = 883e335f58cc36279c33493ab219f4940a46dab8
 RMD160 (seccure-0.4.tar.gz) = fc35fdf69372c39b20a67c5341b1e36ce6bf8e9f
 Size (seccure-0.4.tar.gz) = 31881 bytes
 SHA1 (patch-aa) = 4813ab5c58779c490a0e96314333b90397df97cd
+SHA1 (patch-seccure.c) = 61ff85bc1e6d4d7ec59903328ec079d176ba4e92
diff --git a/security/seccure/patches/patch-seccure.c b/security/seccure/patches/patch-seccure.c
new file mode 100644
index 00000000000..a5c97855cce
--- /dev/null
+++ b/security/seccure/patches/patch-seccure.c
@@ -0,0 +1,78 @@
+$NetBSD: patch-seccure.c,v 1.1 2013/03/02 17:57:53 joerg Exp $
+
+--- seccure.c.orig 2013-03-01 23:39:45.000000000 +0000
++++ seccure.c
+@@ -685,10 +685,11 @@ int app_verify(const char *pubkey, const
+ fatal("Invalid verification key (wrong length)");
+
+ if (decompress_from_string(&Q, pubkey, DF_COMPACT, cp)) {
+- union {
+- char compact[cp->sig_len_compact + 2];
+- char bin[cp->sig_len_bin];
+- } sigbuf;
++ char *sigbuf;
++ size_t len = cp->sig_len_compact + 2;
++ if (len < cp->sig_len_bin)
++ len = cp->sig_len_bin;
++ sigbuf = alloca(len);
+
+ err = gcry_md_open(&mh, GCRY_MD_SHA512, 0);
+ if (gcry_err_code(err))
+@@ -700,7 +701,7 @@ int app_verify(const char *pubkey, const
+ fatal_errno("Cannot open signature file", errno);
+
+ if (opt_sigbin) {
+- if (fread(sigbuf.bin, cp->sig_len_bin, 1, sigfile) != 1) {
++ if (fread(sigbuf, cp->sig_len_bin, 1, sigfile) != 1) {
+ if (ferror(sigfile))
+ fatal_errno("Cannot read signature", errno);
+ else {
+@@ -711,11 +712,11 @@ int app_verify(const char *pubkey, const
+ }
+ }
+ else {
+- sigbuf.compact[0] = 0;
+- if (! fgets(sigbuf.compact, cp->sig_len_compact + 2, sigfile) &&
++ sigbuf[0] = 0;
++ if (! fgets(sigbuf, cp->sig_len_compact + 2, sigfile) &&
+ ferror(sigfile))
+ fatal_errno("Cannot read signature", errno);
+- sigbuf.compact[strcspn(sigbuf.compact, " \r\n")] = '\0';
++ sigbuf[strcspn(sigbuf, " \r\n")] = '\0';
+ }
+
+ if (fclose(sigfile))
+@@ -727,12 +728,12 @@ int app_verify(const char *pubkey, const
+
+ if (opt_sigappend) {
+ if (opt_sigbin)
+- verisign_loop(opt_fdin, opt_fdout, &mh, sigbuf.bin,
++ verisign_loop(opt_fdin, opt_fdout, &mh, sigbuf,
+ cp->sig_len_bin, opt_sigcopy);
+ else {
+- verisign_loop(opt_fdin, opt_fdout, &mh, sigbuf.compact,
++ verisign_loop(opt_fdin, opt_fdout, &mh, sigbuf,
+ cp->sig_len_compact, opt_sigcopy);
+- sigbuf.compact[cp->sig_len_compact] = 0;
++ sigbuf[cp->sig_len_compact] = 0;
+ }
+ }
+ else
+@@ -751,7 +752,7 @@ int app_verify(const char *pubkey, const
+
+ if (! opt_sigbin) {
+ if (! sig)
+- sig = sigbuf.compact;
++ sig = sigbuf;
+ if (strlen(sig) != cp->sig_len_compact) {
+ print_quiet("Invalid signature (wrong length)!\n", 1);
+ goto error;
+@@ -763,7 +764,7 @@ int app_verify(const char *pubkey, const
+ }
+ }
+ else
+- assert(deserialize_mpi(&s, DF_BIN, sigbuf.bin, cp->sig_len_bin));
++ assert(deserialize_mpi(&s, DF_BIN, sigbuf, cp->sig_len_bin));
+
+ if ((res = ECDSA_verify(md, &Q, s, cp)))
+ print_quiet("Signature successfully verified!\n", 0); |
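Review bot: The last patched line of the seccure.c patch keeps the deserialization call inside assert(), `assert(deserialize_mpi(&s, DF_BIN, sigbuf, cp->sig_len_bin));`, so a build with NDEBUG defined drops the call entirely. On the binary-signature path `s` then appears to reach `ECDSA_verify(md, &Q, s, cp)` without having been loaded from the signature bytes. Since the line is being touched anyway, I would hoist the call out of the assertion, e.g. `int ok = deserialize_mpi(&s, DF_BIN, sigbuf, cp->sig_len_bin);` followed by `assert(ok);`. Separately, the new `sigbuf = alloca(len);` has no failure return and the patch adds no include for it; the include list of seccure.c is not visible here, so confirm alloca is declared on every platform this package builds for, and consider a comment such as `/* len is bounded by the fixed curve parameters in cp */` if that holds. app_verify begins and ends outside these hunks.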