head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.32 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.30 pkgsrc-2012Q4-base:1.2 pkgsrc-2011Q4:1.2.0.28 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q2:1.2.0.26 pkgsrc-2011Q2-base:1.2 pkgsrc-2009Q4:1.2.0.24 pkgsrc-2009Q4-base:1.2 pkgsrc-2008Q4:1.2.0.22 pkgsrc-2008Q4-base:1.2 pkgsrc-2008Q3:1.2.0.20 pkgsrc-2008Q3-base:1.2 cube-native-xorg:1.2.0.18 cube-native-xorg-base:1.2 pkgsrc-2008Q2:1.2.0.16 pkgsrc-2008Q2-base:1.2 pkgsrc-2008Q1:1.2.0.14 pkgsrc-2008Q1-base:1.2 pkgsrc-2007Q4:1.2.0.12 pkgsrc-2007Q4-base:1.2 pkgsrc-2007Q3:1.2.0.10 pkgsrc-2007Q3-base:1.2 pkgsrc-2007Q2:1.2.0.8 pkgsrc-2007Q2-base:1.2 pkgsrc-2007Q1:1.2.0.6 pkgsrc-2007Q1-base:1.2 pkgsrc-2006Q4:1.2.0.4 pkgsrc-2006Q4-base:1.2 pkgsrc-2006Q3:1.2.0.2 pkgsrc-2006Q3-base:1.2 pkgsrc-2006Q2:1.1.0.4 pkgsrc-2006Q2-base:1.1 pkgsrc-2006Q1:1.1.0.2; locks; strict; comment @# @; 1.2 date 2006.08.29.10.23.10; author shannonjr; state dead; branches; next 1.1; 1.1 date 2006.06.23.12.28.55; author shannonjr; state Exp; branches 1.1.2.1; next ; 1.1.2.1 date 2006.06.23.12.28.55; author snj; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2006.06.25.09.06.19; author snj; state Exp; branches; next ; desc @@ 1.2 log @Update to 1.9.22. @ text @$NetBSD: patch-ba,v 1.1 2006/06/23 12:28:55 shannonjr Exp $ --- ./g10/parse-packet.c.orig 2005-07-27 08:18:03.000000000 -0600 +++ ./g10/parse-packet.c @@@@ -1995,6 +1995,19 @@@@ parse_attribute( iobuf_t inp, int pkttyp byte *p; #define EXTRA_UID_NAME_SPACE 71 + /* Cap the size of a user ID at 2k: a value absurdly large enough + that there is no sane user ID string (which is printable text + as of RFC2440bis) that won't fit in it, but yet small enough to + avoid allocation problems. A large pktlen may not be + allocatable, and a very large pktlen could actually cause our + allocation to wrap around in xmalloc to a small number. */ + + if(pktlen>2048) + { + log_error("packet(%d) too large\n", pkttype); + iobuf_skip_rest(inp, pktlen, 0); + return G10ERR_INVALID_PACKET; + } packet->pkt.user_id = xmalloc (sizeof *packet->pkt.user_id + EXTRA_UID_NAME_SPACE); @ 1.1 log @Backport fix for CVE-2006-3082 from GnuPG: trunk/g10/ @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-ba was added on branch pkgsrc-2006Q1 on 2006-06-23 12:28:55 +0000 @ text @d1 24 @ 1.1.2.2 log @Pullup ticket 1710 - requested by salo security fix for gnupg-devel Revisions pulled up: - pkgsrc/security/gnupg-devel/Makefile 1.17 - pkgsrc/security/gnupg-devel/distinfo 1.12 - pkgsrc/security/gnupg-devel/patches/patch-ba 1.1 Module Name: pkgsrc Committed By: shannonjr Date: Fri Jun 23 12:28:55 UTC 2006 Modified Files: pkgsrc/security/gnupg-devel: Makefile buildlink3.mk distinfo Added Files: pkgsrc/security/gnupg-devel/patches: patch-ba Log Message: Backport fix for CVE-2006-3082 from GnuPG: trunk/g10/ @ text @a0 24 $NetBSD: patch-ba,v 1.1.2.1 2006/06/25 09:06:19 snj Exp $ --- ./g10/parse-packet.c.orig 2005-07-27 08:18:03.000000000 -0600 +++ ./g10/parse-packet.c @@@@ -1995,6 +1995,19 @@@@ parse_attribute( iobuf_t inp, int pkttyp byte *p; #define EXTRA_UID_NAME_SPACE 71 + /* Cap the size of a user ID at 2k: a value absurdly large enough + that there is no sane user ID string (which is printable text + as of RFC2440bis) that won't fit in it, but yet small enough to + avoid allocation problems. A large pktlen may not be + allocatable, and a very large pktlen could actually cause our + allocation to wrap around in xmalloc to a small number. */ + + if(pktlen>2048) + { + log_error("packet(%d) too large\n", pkttype); + iobuf_skip_rest(inp, pktlen, 0); + return G10ERR_INVALID_PACKET; + } packet->pkt.user_id = xmalloc (sizeof *packet->pkt.user_id + EXTRA_UID_NAME_SPACE); @