
branch master updated: gnu: libmhash: Fix use-after-free in tests.


From: guix-commits
Subject: branch master updated: gnu: libmhash: Fix use-after-free in tests.
Date: Thu, 20 Aug 2020 17:16:11 -0400

This is an automated email from the git hooks/post-receive script.

bavier pushed a commit to branch master
in repository guix.

The following commit(s) were added to refs/heads/master by this push:
     new 1cc75fe  gnu: libmhash: Fix use-after-free in tests.
1cc75fe is described below

commit 1cc75fef122db08dd30a86a8074e7ac10fbc00c0
Author: Eric Bavier <bavier@member.fsf.org>
AuthorDate: Thu Aug 20 15:27:33 2020 -0500

    gnu: libmhash: Fix use-after-free in tests.
    
    * gnu/packages/patches/libmhash-hmac-fix-uaf.patch: New patch.
    * gnu/local.mk (dist_patch_DATA): Add it.
    * gnu/packages/mcrypt.scm (libmhash)[source]: Use it.
---
 gnu/local.mk                                     |  1 +
 gnu/packages/mcrypt.scm                          |  5 +++--
 gnu/packages/patches/libmhash-hmac-fix-uaf.patch | 22 ++++++++++++++++++++++
 3 files changed, 26 insertions(+), 2 deletions(-)

diff --git a/gnu/local.mk b/gnu/local.mk
index 4d1c7f3..8d8f5b7 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1295,6 +1295,7 @@ dist_patch_DATA =                                         
\
   %D%/packages/patches/mcrypt-CVE-2012-4426.patch                      \
   %D%/packages/patches/mcrypt-CVE-2012-4527.patch                      \
   %D%/packages/patches/libmemcached-build-with-gcc7.patch      \
+  %D%/packages/patches/libmhash-hmac-fix-uaf.patch             \
   %D%/packages/patches/mediastreamer2-srtp2.patch              \
   %D%/packages/patches/mesa-skip-disk-cache-test.patch         \
   %D%/packages/patches/mescc-tools-boot.patch                  \
diff --git a/gnu/packages/mcrypt.scm b/gnu/packages/mcrypt.scm
index fb55293..d0cfb8f 100644
--- a/gnu/packages/mcrypt.scm
+++ b/gnu/packages/mcrypt.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
+;;; Copyright © 2014, 2020 Eric Bavier <bavier@posteo.net>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -94,7 +94,8 @@ XTEA, 3WAY, TWOFISH, BLOWFISH, ARCFOUR, WAKE and more.")
       (sha256
        (base32
         "1w7yiljan8gf1ibiypi6hm3r363imm3sxl1j8hapjdq3m591qljn"))
-      (patches (search-patches "mhash-keygen-test-segfault.patch"))))
+      (patches (search-patches "mhash-keygen-test-segfault.patch"
+                               "libmhash-hmac-fix-uaf.patch"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("perl" ,perl)))                 ;for tests
diff --git a/gnu/packages/patches/libmhash-hmac-fix-uaf.patch 
b/gnu/packages/patches/libmhash-hmac-fix-uaf.patch
new file mode 100644
index 0000000..76f937f
--- /dev/null
+++ b/gnu/packages/patches/libmhash-hmac-fix-uaf.patch
@@ -0,0 +1,22 @@
+--- mhash-0.9.9.9/src/hmac_test.c      2020-08-20 14:53:06.628995733 -0500
++++ mhash-0.9.9.9/src/hmac_test.c      2020-08-20 14:53:39.424885862 -0500
+@@ -72,8 +72,6 @@
+               return(MUTILS_INVALID_RESULT);
+       }
+ 
+-      mutils_free(tmp);
+-
+       /* Test No 2 */ 
+       
+       mutils_memset(tmp, 0, sizeof(tmp));
+--- mhash-0.9.9.9/src/keygen_test.c    2020-08-20 14:53:12.940974589 -0500
++++ mhash-0.9.9.9/src/keygen_test.c    2020-08-20 14:53:59.736817812 -0500
+@@ -94,8 +94,6 @@
+               return(MUTILS_INVALID_RESULT);
+       }
+ 
+-      mutils_free(tmp);
+-
+       passlen = sizeof(PASSWORD2);
+       password = (mutils_word8 *) mutils_malloc(passlen + 1);
+       mutils_strncpy(password, (mutils_word8 *) PASSWORD2, passlen);
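Review bot: In the hmac_test.c hunk of the embedded patch, the context line `mutils_memset(tmp, 0, sizeof(tmp));` still follows the removed `mutils_free(tmp);`. Since tmp was passed to mutils_free it is presumably a heap pointer, so `sizeof(tmp)` would be the pointer size rather than the buffer length. If tmp is reassigned later in either test (the functions continue outside these hunks), dropping the free trades the use-after-free for a leak of the first buffer; keeping the free and removing the memset may be the cleaner fix, to be confirmed against the full test source. The patch file also has no header comment, so a short description above the first `---` line (what is fixed, and whether it was reported upstream) would help the next maintainer.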


