A new user interface for you! Read more...

File libtasn1-CVE-2015-2806.patch of Package libtasn1

From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: Thu, 26 Mar 2015 17:34:57 +0000 (+0100)
Subject: increased size of LTOSTR_MAX_SIZE to account for sign and null byte
X-Git-Tag: libtasn1_4_4~3
X-Git-Url: http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commitdiff_plain;h=4d4f992826a4962790ecd0cce6fbba4a415ce149;hp=77068c35a32cc31ba6b3af257921ca90696c7945

increased size of LTOSTR_MAX_SIZE to account for sign and null byte

This address an overflow found by Hanno Böck in DER decoding.
---

diff --git a/lib/parser_aux.c b/lib/parser_aux.c
index d3e9009..da9a388 100644
--- a/lib/parser_aux.c
+++ b/lib/parser_aux.c
@@ -543,7 +543,7 @@ _asn1_delete_list_and_nodes (void)
 
 
 char *
-_asn1_ltostr (long v, char *str)
+_asn1_ltostr (long v, char str[LTOSTR_MAX_SIZE])
 {
   long d, r;
   char temp[LTOSTR_MAX_SIZE];
@@ -567,7 +567,7 @@ _asn1_ltostr (long v, char *str)
       count++;
       v = d;
     }
-  while (v);
+  while (v && ((start+count) < LTOSTR_MAX_SIZE-1));
 
   for (k = 0; k < count; k++)
     str[k + start] = temp[start + count - k - 1];
diff --git a/lib/parser_aux.h b/lib/parser_aux.h
index 55d9061..437f1c8 100644
--- a/lib/parser_aux.h
+++ b/lib/parser_aux.h
@@ -52,8 +52,9 @@ void _asn1_delete_list (void);
 
 void _asn1_delete_list_and_nodes (void);
 
-#define LTOSTR_MAX_SIZE 20
-char *_asn1_ltostr (long v, char *str);
+/* Max 64-bit integer length is 20 chars + 1 for sign + 1 for null termination */
+#define LTOSTR_MAX_SIZE 22
+char *_asn1_ltostr (long v, char str[LTOSTR_MAX_SIZE]);
 
 asn1_node _asn1_find_up (asn1_node node);