← Back to branch summary

~ubuntu-branches/ubuntu/lucid/konversation/lucid-updates

« back to all changes in this revision

Viewing changes to src/cipher.cpp

  • Committer: Package Import Robot
  • Author(s): Jonathan Riddell
  • Date: 2014-11-04 17:40:19 UTC
  • mfrom: (2.4.4 experimental)
  • Revision ID: package-import@ubuntu.com-20141104174019-djxmmslchwd6uowc
Tags: 1.2.3-1ubuntu2.1
https://launchpad.net/bugs/1389296
* SECURITY UPDATE: out-of-bounds read on a heap-allocated array LP: #1389296
  - Add kubuntu_02_cve-2014-8483.diff to verify read bounds
  - CVE-2014-8483
  - https://www.kde.org/info/security/advisory-20140923-1.txt

Show diffs side-by-side

added added

removed removed

Lines of Context:
src/cipher.cpp
347
347
        }
348
348
        else
349
349
        {
 
350
        // ECB Blowfish encodes in blocks of 12 chars, so anything else is malformed input
 
351
        if ((temp.length() % 12) != 0)
 
352
            return cipherText;
 
353
 
350
354
            temp = b64ToByte(temp);
351
 
            while((temp.length() % 8) != 0) temp.append('\0');
 
355
            while ((temp.length() % 8) != 0) temp.append('\0');
352
356
        }
353
357
 
354
358
        QCA::Direction dir = (direction) ? QCA::Encode : QCA::Decode;
356
360
        QByteArray temp2 = cipher.update(QCA::MemoryRegion(temp)).toByteArray();
357
361
        temp2 += cipher.final().toByteArray();
358
362
 
359
 
        if(!cipher.ok())
 
363
        if (!cipher.ok())
360
364
            return cipherText;
361
365
 
362
 
        if(direction)
 
366
        if (direction)
 
367
        {
 
368
            // Sanity check
 
369
            if ((temp2.length() % 8) != 0)
 
370
                return cipherText;
 
371
 
363
372
            temp2 = byteToB64(temp2);
 
373
        }
364
374
 
365
375
        return temp2;
366
376
    }