amaharaneko/guix-mirrors
1
1
Fork 0
mirror of https://codeberg.org/guix/guix.git synced 2025-10-02 02:15:12 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

gnu: libmhash: Fix use-after-free in tests.

Browse source 
* gnu/packages/patches/libmhash-hmac-fix-uaf.patch: New patch.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/mcrypt.scm (libmhash)[source]: Use it.
This commit is contained in:
Eric Bavier 2020-08-20 15:27:33 -05:00
parent c6443c2c8f
commit 1cc75fef12
No known key found for this signature in database
GPG key ID: FD73CAC719D32566
3 changed files with 26 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

22
gnu/packages/patches/libmhash-hmac-fix-uaf.patch Normal file
View file

@ -0,0 +1,22 @@
--- mhash-0.9.9.9/src/hmac_test.c 2020-08-20 14:53:06.628995733 -0500
+++ mhash-0.9.9.9/src/hmac_test.c 2020-08-20 14:53:39.424885862 -0500
@@ -72,8 +72,6 @@
return(MUTILS_INVALID_RESULT);
}
- mutils_free(tmp);
-
/* Test No 2 */
mutils_memset(tmp, 0, sizeof(tmp));
--- mhash-0.9.9.9/src/keygen_test.c 2020-08-20 14:53:12.940974589 -0500
+++ mhash-0.9.9.9/src/keygen_test.c 2020-08-20 14:53:59.736817812 -0500
@@ -94,8 +94,6 @@
return(MUTILS_INVALID_RESULT);
}
- mutils_free(tmp);
-
passlen = sizeof(PASSWORD2);
password = (mutils_word8 *) mutils_malloc(passlen + 1);
mutils_strncpy(password, (mutils_word8 *) PASSWORD2, passlen);