Fix CVE-2016-5434 (DoS/loop and out of boundary read) - pacman - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Nils Freydank <holgersson@posteo.de>	2017-10-20 22:42:32 +0200
committer	Allan McRae <allan@archlinux.org>	2017-12-07 14:59:26 +1000
commit	ad0517d3711b6826cd7a95b99beb36ccd072c2e0 (patch)
tree	00d0b319c56437d9992f5381c64ed59951bc9319 /scripts
parent	44f3a157983e903f926b4f11ddb3f57d111e60f9 (diff)
download	pacman-ad0517d3711b6826cd7a95b99beb36ccd072c2e0.tar.xz

Fix CVE-2016-5434 (DoS/loop and out of boundary read)

This is a rewrite of Tobias Stoeckmann’s patch from June 2016[1] using functions instead of macros. (Thanks to Tobias for explanations of his patch.) A short question on Freenode IRC showed that macros are generally discouraged and functions should be used. The patch introduces a static size_t length_check() in libalpm/signing.c. [1] Original patch: https://lists.archlinux.org/pipermail/pacman-dev/2016-June/021148.html CVE request (and assignment): http://seclists.org/oss-sec/2016/q2/526 Signed-off-by: Allan McRae <allan@archlinux.org>

Diffstat (limited to 'scripts')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: