Hello community, here is the log from the commit of package cryptsetup for openSUSE:Factory checked in at Thu Feb 26 16:43:29 CET 2009. -------- --- cryptsetup/cryptsetup.changes 2009-02-25 13:58:24.000000000 +0100 +++ cryptsetup/cryptsetup.changes 2009-02-26 15:35:40.000000000 +0100 @@ -1,0 +2,5 @@ +Thu Feb 26 15:34:06 CET 2009 - mhopf@suse.de + +- Fix segfault with oversized hashes (bnc #476290). + +------------------------------------------------------------------- calling whatdependson for head-i586 New: ---- bug-476290_hashalot-hashlen.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cryptsetup.spec ++++++ --- /var/tmp/diff_new_pack.a22655/_old 2009-02-26 16:41:27.000000000 +0100 +++ /var/tmp/diff_new_pack.a22655/_new 2009-02-26 16:41:27.000000000 +0100 @@ -30,7 +30,7 @@ Group: System/Base AutoReqProv: on Version: 1.0.5_SVNr46 -Release: 59 +Release: 60 Summary: Set Up dm-crypt Based Encrypted Block Devices Source: cryptsetup-%{version}.tar.bz2 Source1: hashalot-%haver.tar.bz2 @@ -46,6 +46,7 @@ Patch12: hashalot-ctrl-d.diff Patch13: hashalot-timeout.diff Patch14: hashalot-manpage.diff +Patch15: bug-476290_hashalot-hashlen.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build Provides: aaa_base:/etc/init.d/boot.crypto Obsoletes: util-linux-crypto <= 2.12r @@ -122,6 +123,7 @@ %patch12 -p1 %patch13 -p1 %patch14 -p1 +%patch15 -p1 popd %build @@ -225,6 +227,8 @@ %{_libdir}/libcryptsetup.so %changelog +* Thu Feb 26 2009 mhopf@suse.de +- Fix segfault with oversized hashes (bnc #476290). * Wed Feb 25 2009 jsmeix@suse.de - Fixed initrd LUKS password annoyance in mkinitrd-boot.sh and mkinitrd-setup.sh when the same password is used for all ++++++ bug-476290_hashalot-hashlen.diff ++++++ diff -up hashalot-0.3/hashalot.c.orig hashalot-0.3/hashalot.c --- hashalot-0.3/hashalot.c.orig 2009-02-11 19:31:16.000000000 -0600 +++ hashalot-0.3/hashalot.c 2009-02-11 19:47:46.000000000 -0600 @@ -34,6 +34,7 @@ #include "sha512.h" #define PASSWDBUFFLEN 130 +#define MAXHASHLEN (ULONG_MAX/2 - 2) typedef int (*phash_func_t)(char dest[], size_t dest_len, const char src[], size_t src_len); @@ -179,8 +180,7 @@ static void * xmalloc (size_t size) { void *p; - if (size == 0) - return NULL; + assert(size != 0); p = malloc(size); if (p == NULL) { @@ -239,6 +239,12 @@ main(int argc, char *argv[]) show_usage(argv[0]); exit(EXIT_FAILURE); } + if (hashlen >= MAXHASHLEN) { + fprintf(stderr, + "please supply a value smaller than %lu for the -n option\n", + MAXHASHLEN); + exit(EXIT_FAILURE); + } break; case 's': salt = optarg; ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org