Diffstat (limited to 'net/filezilla/patches/patch-CVE-2013-4206')
-rw-r--r-- | net/filezilla/patches/patch-CVE-2013-4206 | 87 |
1 files changed, 87 insertions, 0 deletions
diff --git a/net/filezilla/patches/patch-CVE-2013-4206 b/net/filezilla/patches/patch-CVE-2013-4206
new file mode 100644
index 00000000000..f25232c459b
--- /dev/null
+++ b/net/filezilla/patches/patch-CVE-2013-4206
@@ -0,0 +1,87 @@
+$NetBSD: patch-CVE-2013-4206,v 1.1.2.2 2013/08/21 21:59:57 tron Exp $
+
+fixes also CVE-2013-4207
+http://svn.tartarus.org/sgt?view=revision&sortby=date&revision=9977
+http://svn.tartarus.org/sgt?view=revision&sortby=date&revision=9996
+
+--- src/putty/sshbn.c.orig 2011-08-21 17:53:50.000000000 +0000
++++ src/putty/sshbn.c
+@@ -1018,6 +1018,13 @@ Bignum modmul(Bignum p, Bignum q, Bignum
+
+ pqlen = (p[0] > q[0] ? p[0] : q[0]);
+
++ /*
++ * Make sure that we're allowing enough space. The shifting below
++ * will underflow the vectors we allocate if pqlen is too small.
++ */
++ if (2*pqlen <= mlen)
++ pqlen = mlen/2 + 1;
++
+ /* Allocate n of size pqlen, copy p to n */
+ n = snewn(pqlen, BignumInt);
+ i = pqlen - p[0];
+@@ -1306,7 +1313,18 @@ int ssh1_write_bignum(void *data, Bignum
+ int bignum_cmp(Bignum a, Bignum b)
+ {
+ int amax = a[0], bmax = b[0];
+- int i = (amax > bmax ? amax : bmax);
++ int i;
++
++ /* Annoyingly we have two representations of zero */
++ if (amax == 1 && a[amax] == 0)
++ amax = 0;
++ if (bmax == 1 && b[bmax] == 0)
++ bmax = 0;
++
++ assert(amax == 0 || a[amax] != 0);
++ assert(bmax == 0 || b[bmax] != 0);
++
++ i = (amax > bmax ? amax : bmax);
+ while (i) {
+ BignumInt aval = (i > amax ? 0 : a[i]);
+ BignumInt bval = (i > bmax ? 0 : b[i]);
+@@ -1864,6 +1882,44 @@ int main(int argc, char **argv)
+ freebn(b);
+ freebn(c);
+ freebn(p);
++ } else if (!strcmp(buf, "modmul")) {
++ Bignum a, b, m, c, p;
++
++ if (ptrnum != 4) {
++ printf("%d: modmul with %d parameters, expected 4\n",
++ line, ptrnum);
++ exit(1);
++ }
++ a = bignum_from_bytes(ptrs[0], ptrs[1]-ptrs[0]);
++ b = bignum_from_bytes(ptrs[1], ptrs[2]-ptrs[1]);
++ m = bignum_from_bytes(ptrs[2], ptrs[3]-ptrs[2]);
++ c = bignum_from_bytes(ptrs[3], ptrs[4]-ptrs[3]);
++ p = modmul(a, b, m);
++
++ if (bignum_cmp(c, p) == 0) {
++ passes++;
++ } else {
++ char *as = bignum_decimal(a);
++ char *bs = bignum_decimal(b);
++ char *ms = bignum_decimal(m);
++ char *cs = bignum_decimal(c);
++ char *ps = bignum_decimal(p);
++
++ printf("%d: fail: %s * %s mod %s gave %s expected %s\n",
++ line, as, bs, ms, ps, cs);
++ fails++;
++
++ sfree(as);
++ sfree(bs);
++ sfree(ms);
++ sfree(cs);
++ sfree(ps);
++ }
++ freebn(a);
++ freebn(b);
++ freebn(m);
++ freebn(c);
++ freebn(p);
+ } else if (!strcmp(buf, "pow")) {
+ Bignum base, expt, modulus, expected, answer;
+ |
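Review bot: The bignum_cmp hunk adds two `assert()` calls to sshbn.c but the patch adds no `#include <assert.h>`; whether the file already includes it is not visible here, so that should be confirmed before this patch is relied on to build, and since `assert` compiles to nothing under NDEBUG the two checks appear to document the normalised-length invariant rather than enforce it in release builds. The patch header says it also fixes CVE-2013-4207 and cites two upstream revisions without saying which hunks each one contributes; a header line per revision naming the function(s) it touches would let the next update of this patch verify that nothing was dropped. The modmul guard `if (2*pqlen <= mlen) pqlen = mlen/2 + 1;` would also benefit from a short comment stating what mlen holds, since its definition lies outside the hunk.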