Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/netbsd-1-6]: src/dist/bind/lib/dst Pull up revision 1.5 (requested by it...
details: https://anonhg.NetBSD.org/src/rev/032be4521b1a
branches: netbsd-1-6
changeset: 528179:032be4521b1a
user: lukem <lukem%NetBSD.org@localhost>
date: Fri Jun 28 11:42:45 2002 +0000
description:
Pull up revision 1.5 (requested by itojun in ticket #387):
Update to BIND 8.3.3. Fixes buffer overrun in resolver code.
diffstat:
dist/bind/lib/dst/bsafe_link.c | 39 +++++++++++++++++++++------------------
1 files changed, 21 insertions(+), 18 deletions(-)
diffs (104 lines):
diff -r 5583139f625e -r 032be4521b1a dist/bind/lib/dst/bsafe_link.c
--- a/dist/bind/lib/dst/bsafe_link.c Fri Jun 28 11:40:28 2002 +0000
+++ b/dist/bind/lib/dst/bsafe_link.c Fri Jun 28 11:42:45 2002 +0000
@@ -1,7 +1,7 @@
-/* $NetBSD: bsafe_link.c,v 1.4 2001/05/17 23:00:18 itojun Exp $ */
+/* $NetBSD: bsafe_link.c,v 1.4.2.1 2002/06/28 11:42:45 lukem Exp $ */
#if defined(BSAFE) || defined(DNSSAFE)
-static const char rcsid[] = "Header: /proj/cvs/isc/bind8/src/lib/dst/bsafe_link.c,v 1.12 2001/04/05 21:59:59 bwelling Exp";
+static const char rcsid[] = "Header: /proj/cvs/isc/bind8/src/lib/dst/bsafe_link.c,v 1.15 2001/09/25 04:50:28 marka Exp";
/*
* Portions Copyright (c) 1995-1998 by Trusted Information Systems, Inc.
@@ -120,7 +120,7 @@
* BSAFE/DNSSAFE related functions
*/
int
-dst_bsafe_init()
+dst_bsafe_init(void)
{
if (dst_t_func[KEY_RSA] != NULL)
return (1);
@@ -329,7 +329,8 @@
if (ret == 0 &&
(status = B_DecryptUpdate(rsaEncryptor, work_area,
&u_bytes, 0,
- (u_char *) signature, sig_len,
+ (const u_char *) signature,
+ sig_len,
NULL_PTR, NULL_SURRENDER)))
ret = VERIFY_FINAL_FAILURE;
@@ -387,24 +388,28 @@
public = (B_KEY_OBJ)((RSA_Key *) in_key->dk_KEY_struct)->rk_Public_Key;
n = B_GetKeyInfo((POINTER *) &pub, public, KI_RSAPublic);
-
- if (out_len < pub->exponent.len) /* not enough space */
+ if (n != 0)
return (-1);
- if (pub->exponent.len < 256) /* key exponent is <= 2040 bits */
+
+ if (pub->exponent.len < 256) { /* key exponent is <= 2040 bits */
+ if ((unsigned int)out_len < pub->exponent.len + 1)
+ return (-1);
*op++ = (u_int8_t) pub->exponent.len;
- else { /* key exponent is > 2040 bits */
+ } else { /* key exponent is > 2040 bits */
u_int16_t e = (u_int16_t) pub->exponent.len;
- *op++ = 0; /* 3 byte lenght field */
+ if ((unsigned int)out_len < pub->exponent.len + 3)
+ return (-1);
+ *op++ = 0; /* 3 byte length field */
dst_s_put_int16(op, e);
op += sizeof(e);
n = 2;
}
+ n++;
+ memcpy(op, pub->exponent.data, pub->exponent.len);
+ op += pub->exponent.len;
n += pub->exponent.len;
- memcpy(op, pub->exponent.data, n);
- op += n;
- n++;
- if ((out_len - n) > pub->modulus.len) {
+ if ((unsigned int)(out_len - n) >= pub->modulus.len) {
/*copy exponent */
memcpy(op, pub->modulus.data, pub->modulus.len);
n += pub->modulus.len;
@@ -614,7 +619,6 @@
int status;
char s[RAW_KEY_SIZE];
int len, s_len = sizeof(s);
- int tag = -1;
const char *p = buff;
RSA_Key *b_key;
A_RSA_KEY *public;
@@ -1052,8 +1056,7 @@
return (SIGN_INIT_FAILURE);
if ((mode & SIG_MODE_UPDATE) && data && (len > 0) &&
- (status = B_DigestUpdate(*digest_obj, (u_char *) data, len,
- NULL_SURRENDER)))
+ (status = B_DigestUpdate(*digest_obj, data, len, NULL_SURRENDER)))
return (SIGN_UPDATE_FAILURE);
if (mode & SIG_MODE_FINAL) {
@@ -1082,13 +1085,13 @@
}
int
-T_memcmp(POINTER firstBlock, POINTER secondBlock, unsigned int len)
+T_memcmp(CPOINTER firstBlock, CPOINTER secondBlock, unsigned int len)
{
return (memcmp(firstBlock, secondBlock, len));
}
void
-T_memcpy(POINTER output, POINTER input, unsigned int len)
+T_memcpy(POINTER output, CPOINTER input, unsigned int len)
{
memcpy(output, input, len);
}
Home |
Main Index |
Thread Index |
Old Index