Send patches - preferably formatted by git format-patch - to patches at archlinux32 dot org.
summaryrefslogtreecommitdiff
path: root/scripts/libmakepkg/integrity/generate_signature.sh.in
diff options
context:
space:
mode:
authorNils Freydank <holgersson@posteo.de>2017-10-20 22:42:32 +0200
committerAllan McRae <allan@archlinux.org>2017-12-07 14:59:26 +1000
commitad0517d3711b6826cd7a95b99beb36ccd072c2e0 (patch)
tree00d0b319c56437d9992f5381c64ed59951bc9319 /scripts/libmakepkg/integrity/generate_signature.sh.in
parent44f3a157983e903f926b4f11ddb3f57d111e60f9 (diff)
Fix CVE-2016-5434 (DoS/loop and out of boundary read)
This is a rewrite of Tobias Stoeckmann’s patch from June 2016[1] using functions instead of macros. (Thanks to Tobias for explanations of his patch.) A short question on Freenode IRC showed that macros are generally discouraged and functions should be used. The patch introduces a static size_t length_check() in libalpm/signing.c. [1] Original patch: https://lists.archlinux.org/pipermail/pacman-dev/2016-June/021148.html CVE request (and assignment): http://seclists.org/oss-sec/2016/q2/526 Signed-off-by: Allan McRae <allan@archlinux.org>
Diffstat (limited to 'scripts/libmakepkg/integrity/generate_signature.sh.in')
0 files changed, 0 insertions, 0 deletions