eet: properly check buffer size during decipher.

Fix bug #1017. SVN revision: 71524
2012-05-30 02:19:07 +00:00 · 2012-05-30 02:19:07 +00:00 · 2c4c47ae0f
parent 140e97171b
commit 2c4c47ae0f
3 changed files with 6 additions and 1 deletions
--- a/legacy/eet/ChangeLog
+++ b/legacy/eet/ChangeLog
@ -594,3 +594,7 @@
 2012-05-15  Cedric Bail

 	* Make eet_dictionary thread safe.
+
+2012-05-30  Cedric Bail
+
+	* Check that gnutls and openssl don't return below zero size during decipher.
--- a/legacy/eet/NEWS
+++ b/legacy/eet/NEWS
@ -6,6 +6,7 @@ Changes since Eet 1.6.0:
 Fixes:
    * Force destruction of all pending file when shuting down eet.
    * Make eet_dictionary thread safe.
+    * Check that gnutls and openssl don't return below zero size during decipher.

 Eet 1.6.0

--- a/legacy/eet/src/lib/eet_cipher.c
+++ b/legacy/eet/src/lib/eet_cipher.c
@ -1219,7 +1219,7 @@ eet_decipher(const void   *data,
   /* Get the decrypted data size */
   tmp = *ret;
   tmp = ntohl(tmp);
-   if (tmp > tmp_len)
+   if (tmp > tmp_len || tmp <= 0)
     goto on_error;

   /* Update the return values */