
005-CVE-2015-7696-heap-overflow.patch 740 B

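--- a/crypt.c
+++ b/crypt.c
@@ -465,7 +465,17 @@ int decrypt(__G__ passwrd)
 GLOBAL(pInfo->encrypted) = FALSE;
 defer_leftover_input(__G);
 for (n = 0; n < RAND_HEAD_LEN; n++) {
-b = NEXTBYTE;
+/* 2012-11-23 SMS. (OUSPG report.)
+* Quit early if compressed size < HEAD_LEN. The resulting
+* error message ("unable to get password") could be improved,
+* but it's better than trying to read nonexistent data, and
+* then continuing with a negative G.csize. (See
+* fileio.c:readbyte()).
+*/
+if ((b = NEXTBYTE) == (ush)EOF)
+{
+return PK_ERR;
+}
 h[n] = (uch)b;
 Trace((stdout, " (%02x)", h[n]));
 }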
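Review bot: The added `return PK_ERR` leaves decrypt() after `defer_leftover_input(__G)` has already run on the line above the loop; if the normal exit path later undoes that deferral — the rest of decrypt() is outside this hunk — the new error path should undo it as well before returning, otherwise the caller inherits deferred-input state it did not expect. The check `(b = NEXTBYTE) == (ush)EOF` presumably relies on `b` being declared `ush`, so that an `int` EOF of -1 converts to the same 0xFFFF the cast produces; if so, a one-line comment such as `/* b is ush: EOF (-1) converts to 0xFFFF, matching the cast */` would make the intent explicit, since with an `int` b the comparison could never match and the overflow guard would be silently ineffective. The comment block itself concedes that the resulting "unable to get password" message is misleading for a truncated member; a distinct diagnostic for this case would help users and anyone triaging reports of truncated or hostile archives.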