authorCedric BAIL <cedric.bail@free.fr>2012-05-30 02:19:07 +0000
committerCedric BAIL <cedric.bail@free.fr>2012-05-30 02:19:07 +0000
commit2c4c47ae0f85bb5ed22aa93201328da7f29d9153 (patch)
tree583f1aa0abf3952f12435b80778efd1d391f119f /legacy/eet
parent140e97171b9ee768210b8c131b7a891d214e09e1 (diff)
eet: properly check buffer size during decipher.
Fix bug #1017. SVN revision: 71524
Diffstat (limited to 'legacy/eet')
-rw-r--r--legacy/eet/ChangeLog4
-rw-r--r--legacy/eet/NEWS1
-rw-r--r--legacy/eet/src/lib/eet_cipher.c2
3 files changed, 6 insertions, 1 deletions
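--- a/legacy/eet/ChangeLog
+++ b/legacy/eet/ChangeLog
@@ -594,3 +594,7 @@
 2012-05-15 Cedric Bail
 
  * Make eet_dictionary thread safe.
+
+2012-05-30 Cedric Bail
+
+ * Check that gnutls and openssl don't return below zero size during decipher.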
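--- a/legacy/eet/NEWS
+++ b/legacy/eet/NEWS
@@ -6,6 +6,7 @@ Changes since Eet 1.6.0:
 Fixes:
  * Force destruction of all pending file when shuting down eet.
  * Make eet_dictionary thread safe.
+ * Check that gnutls and openssl don't return below zero size during decipher.
 
 Eet 1.6.0
 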
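--- a/legacy/eet/src/lib/eet_cipher.c
+++ b/legacy/eet/src/lib/eet_cipher.c
@@ -1219,7 +1219,7 @@ eet_decipher(const void *data,
  /* Get the decrypted data size */
  tmp = *ret;
  tmp = ntohl(tmp);
- if (tmp > tmp_len)
+ if (tmp > tmp_len || tmp <= 0)
  goto on_error;
 
  /* Update the return values */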
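Review bot: The added `tmp <= 0` test at line 1222 only catches an oversized length if `tmp` is a signed type, so the guard leans on the implementation-defined conversion of `ntohl()`'s unsigned 32-bit result into a signed variable; the declarations of `tmp` and `tmp_len` are outside this hunk, so this is inferred from the condition itself. Because the value is a size field read out of the deciphered buffer, it would be clearer to keep it unsigned and spell out the bounds, for example (assuming `*ret` is a 32-bit word) `uint32_t len = ntohl(*ret);` followed by `if (len == 0 || tmp_len < 0 || len > (uint32_t)tmp_len) goto on_error;`. The change also sends a zero-length payload down the error path, which deserves a comment such as `/* size field comes from the deciphered data: reject zero, wrapped-negative and oversized values */`. The body of eet_decipher starts and ends outside the hunk.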