gsasl-commit

[SCM] GNU gsasl branch, gsasl_1_4_x, updated. gsasl-1-4-2-2-g0b75dda


From: Simon Josefsson
Subject: [SCM] GNU gsasl branch, gsasl_1_4_x, updated. gsasl-1-4-2-2-g0b75dda
Date: Thu, 25 Mar 2010 09:13:46 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gsasl".

http://git.savannah.gnu.org/cgit/gsasl.git/commit/?id=0b75dda062ff88870a14ffb5301be1a69847ec3e

The branch, gsasl_1_4_x has been updated
       via  0b75dda062ff88870a14ffb5301be1a69847ec3e (commit)
      from  39da1d85b0b2ad783cdb79da24af9766f7ab0902 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 0b75dda062ff88870a14ffb5301be1a69847ec3e
Author: Simon Josefsson <address@hidden>
Date:   Thu Mar 25 10:12:28 2010 +0100

    SCRAM: Don't read out of bounds when parsing tokens.

-----------------------------------------------------------------------

Summary of changes:
 lib/NEWS           |    2 ++
 lib/scram/parser.c |    8 ++++----
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/lib/NEWS b/lib/NEWS
index 1b6f1b2..94d40c3 100644
--- a/lib/NEWS
+++ b/lib/NEWS
@@ -4,6 +4,8 @@ See the end for copying conditions.
 
 * Version 1.4.3 (unreleased) [stable]
 
+** SCRAM: Don't read out of bounds when parsing tokens.
+
 ** API and ABI modifications.
 No changes since last version.
 
diff --git a/lib/scram/parser.c b/lib/scram/parser.c
index a7fbff5..3a38bb0 100644
--- a/lib/scram/parser.c
+++ b/lib/scram/parser.c
@@ -76,7 +76,7 @@ scram_parse_client_first (const char *str, size_t len,
                          struct scram_client_first *cf)
 {
   /* Minimum client first string is 'n,,n=a,r=b'. */
-  if (strlen (str) < 10)
+  if (strnlen (str, len) < 10)
     return -1;
 
   if (len == 0 || *str != 'n')
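Review bot: The `len == 0` clause on the line after the new check in scram_parse_client_first is now dead code. strnlen never returns more than len, so a zero len already returns -1 at `strnlen (str, len) < 10`. Either drop that clause or, since the function receives an explicit len, use a plain `len < 10` for the minimum-length test and avoid scanning the buffer. If strnlen is chosen deliberately so that an early NUL counts as end of message, say so in the comment.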
@@ -199,7 +199,7 @@ scram_parse_server_first (const char *str, size_t len,
                          struct scram_server_first *sf)
 {
   /* Minimum server first string is 'r=ab,s=biws,i=1'. */
-  if (strlen (str) < 15)
+  if (strnlen (str, len) < 15)
     return -1;
 
   if (len == 0 || *str != 'r')
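Review bot: The new `strnlen (str, len) < 15` call in scram_parse_server_first relies on a POSIX.1-2008 function that is not part of ISO C, and the summary of changes lists only lib/NEWS and lib/scram/parser.c, so nothing visible here adds an include or a portability replacement for it. Please confirm that strnlen is declared and available on every supported platform, or add a replacement (for example the gnulib strnlen module) in the same change.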
@@ -308,7 +308,7 @@ scram_parse_client_final (const char *str, size_t len,
                          struct scram_client_final *cl)
 {
   /* Minimum client final string is 'c=biws,r=ab,p=ab=='. */
-  if (strlen (str) < 18)
+  if (strnlen (str, len) < 18)
     return -1;
 
   if (len == 0 || *str != 'c')
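Review bot: Passing `strnlen (str, len) < 18` in scram_parse_client_final only proves that the first 18 bytes contain no NUL; a buffer with a NUL at offset 18 or later and a larger len still gets through. The rest of the function is not visible in this hunk, so it is worth checking that every later scan is bounded by len and not by a terminator. If an embedded NUL is never valid in a SCRAM message, store the strnlen result once and reject input where it differs from len.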
@@ -413,7 +413,7 @@ scram_parse_server_final (const char *str, size_t len,
                          struct scram_server_final *sl)
 {
   /* Minimum client final string is 'v=ab=='. */
-  if (strlen (str) < 6)
+  if (strnlen (str, len) < 6)
     return -1;
 
   if (len == 0 || *str != 'v')
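Review bot: The comment directly above the changed line in scram_parse_server_final still says "Minimum client final string is 'v=ab=='", which looks copied from scram_parse_client_final; it should read "server final". Since the neighbouring line is being touched anyway, fix the comment in this commit. A regression test that hands each of the four parsers a short buffer with no trailing NUL would also keep these length checks from regressing.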


hooks/post-receive
-- 
GNU gsasl