← Back to branch summary

~ubuntu-branches/debian/stretch/dropbear/stretch

~ubuntu-branches/debian/stretch/dropbear/stretch

« back to all changes in this revision

Viewing changes to debian/diff/0004-cve-2013-4421.diff

Committer: Package Import Robot
Author(s): Gerrit Pape, Matt Johnston, Gerrit Pape
Date: 2013-10-25 15:00:48 UTC
mfrom: (1.4.6)
Revision ID: package-import@ubuntu.com-20131025150048-3jq765x96xayk392

Tags: 2013.60-1

http://bugs.debian.org/692653

[ Matt Johnston ]
* New upstream release.

[ Gerrit Pape ]
* debian/diff/0004-cve-2013-4421.diff, 0005-user-disclosure.diff:
remove; fixed upstream.
* debian/dropbear.postinst: don't fail if initramfs-tools it not
installed (closes: #692653).

files added:
configure.ac

dropbearconvert.1

dropbearkey.1

files removed:
cli-algo.c

cli-service.c

configure.in

debian/diff/0004-cve-2013-4421.diff

debian/diff/0005-user-disclosure.diff

dropbearkey.8

svr-algo.c

files modified:
.hg_archival.txt

.hgsigs

.hgtags

CHANGES

LICENSE

MULTI

Makefile.in

README

agentfwd.h

algo.h

auth.h

bignum.h

buffer.c

channel.h

circbuffer.c

cli-agentfwd.c

cli-auth.c

cli-authpubkey.c

cli-chansession.c

cli-kex.c

cli-main.c

cli-runopts.c

cli-session.c

common-algo.c

common-channel.c

common-kex.c

common-runopts.c

common-session.c

compat.c

config.guess

config.h.in

config.sub

configure

dbclient.1

dbmulti.c

dbutil.c

dbutil.h

debian/changelog

debian/diff/0001-dbclient.1-dbclient-uses-compression-if-compiled-with.diff

debian/diff/0002-dropbearkey.8-mention-y-option-add-example.diff

debian/diff/0003-options.h-use-usr-bin-xauth-instead-of-usr-bin-X11-xa.diff

debian/dropbear.postinst

debian/rules

debug.h

dropbear.8

dropbearkey.c

dss.c

includes.h

kex.h

libtomcrypt/src/headers/tomcrypt_custom.h

libtommath/Makefile.in

loginrec.c

options.h

packet.c

process-packet.c

queue.c

queue.h

random.c

random.h

rsa.c

runopts.h

scp.c

scpmisc.c

service.h

session.h

signkey.c

sshpty.c

svr-auth.c

svr-authpam.c

svr-authpasswd.c

svr-authpubkeyoptions.c

svr-chansession.c

svr-kex.c

svr-main.c

svr-runopts.c

svr-session.c

svr-tcpfwd.c

svr-x11fwd.c

sysoptions.h

tcp-accept.c

tcpfwd.h

termcodes.c

Show diffs side-by-side

added added

removed removed

debian/diff/0004-cve-2013-4421.diff

1

2

# HG changeset patch

3

# User Matt Johnston <matt@ucc.asn.au>

4

# Date 1368026594 -28800

5

# Node ID 0bf76f54de6fc6dda70985a51ee7b25922e6fea4

6

# Parent 7bd88d546627ff31d0e2d91e6022b3e77a943efb

7

Limit decompressed size

8

9

diff -r 7bd88d546627 -r 0bf76f54de6f packet.c

10

--- a/packet.c Mon Apr 29 23:42:37 2013 +0800

11

+++ b/packet.c Wed May 08 23:23:14 2013 +0800

12

@@ -42,7 +42,7 @@

13

static int checkmac();

14

15

#define ZLIB_COMPRESS_INCR 100

16

-#define ZLIB_DECOMPRESS_INCR 100

17

+#define ZLIB_DECOMPRESS_INCR 1024

18

#ifndef DISABLE_ZLIB

19

static buffer* buf_decompress(buffer* buf, unsigned int len);

20

static void buf_compress(buffer * dest, buffer * src, unsigned int len);

21

@@ -420,7 +420,12 @@

22

}

23

24

if (zstream->avail_out == 0) {

25

- buf_resize(ret, ret->size + ZLIB_DECOMPRESS_INCR);

26

+ int new_size = 0;

27

+ if (ret->size >= RECV_MAX_PAYLOAD_LEN) {

28

+ dropbear_exit("bad packet, oversized decompressed");

29

+ }

30

+ new_size = MIN(RECV_MAX_PAYLOAD_LEN, ret->size + ZLIB_DECOMPRESS_INCR);

31

+ buf_resize(ret, new_size);

32

}

33

}

34

}

35

Older »