diff options
author | Cedric BAIL <cedric.bail@free.fr> | 2012-05-30 02:19:07 +0000 |
---|---|---|
committer | Cedric BAIL <cedric.bail@free.fr> | 2012-05-30 02:19:07 +0000 |
commit | da3a9ab15dbab97c40e833849574e927d1c3e63e (patch) | |
tree | 357d65dbdd72652410880ec698b82445b0408d77 | |
parent | adebba2fc223fb82a3bad94f72d2e9f291a7e757 (diff) | |
download | eet-da3a9ab15dbab97c40e833849574e927d1c3e63e.tar.gz |
eet: properly check buffer size during decipher.
Fix bug #1017.
SVN revision: 71524
-rw-r--r-- | ChangeLog | 4 | ||||
-rw-r--r-- | NEWS | 1 | ||||
-rw-r--r-- | src/lib/eet_cipher.c | 2 |
3 files changed, 6 insertions, 1 deletions
@@ -594,3 +594,7 @@ 2012-05-15 Cedric Bail * Make eet_dictionary thread safe. + +2012-05-30 Cedric Bail + + * Check that gnutls and openssl don't return below zero size during decipher. @@ -6,6 +6,7 @@ Changes since Eet 1.6.0: Fixes: * Force destruction of all pending file when shuting down eet. * Make eet_dictionary thread safe. + * Check that gnutls and openssl don't return below zero size during decipher. Eet 1.6.0 diff --git a/src/lib/eet_cipher.c b/src/lib/eet_cipher.c index 2425e22..9441d8c 100644 --- a/src/lib/eet_cipher.c +++ b/src/lib/eet_cipher.c @@ -1219,7 +1219,7 @@ eet_decipher(const void *data, /* Get the decrypted data size */ tmp = *ret; tmp = ntohl(tmp); - if (tmp > tmp_len) + if (tmp > tmp_len || tmp <= 0) goto on_error; /* Update the return values */ |