Fix Rhizome manifest parsing bug

If an over-large manifest was supplied, signature extraction went
into a tight loop.
Andrew Bettison 2014-04-29 15:08:02 +09:30
parent 684735b11c
commit 00dc3bf27e
2 changed files with 2 additions and 0 deletions


@ -382,6 +382,7 @@ int rhizome_manifest_verify(rhizome_manifest *m)
assert(m->manifest_body_bytes > 0);
assert(m->manifest_all_bytes > 0);
assert(m->manifest_body_bytes <= m->manifest_all_bytes);
assert(m->sig_count == 0);
if (m->manifest_body_bytes == m->manifest_all_bytes)
assert(m->manifestdata[m->manifest_body_bytes - 1] == '\0');
// Hash the body
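Review bot: The state checks at the top of rhizome_manifest_verify, including `assert(m->sig_count == 0);` (apparently the line this commit adds; the page has lost its +/- markers), are enforced only by assert, so a build with NDEBUG drops them and any other build aborts the whole process when one fails. The commit message says the manifest can be externally supplied, so if any of these conditions can be reached from received data rather than only from a programming error, an error return is safer, e.g. `if (m->sig_count != 0) return -1;` adjusted to the function's actual failure convention. The read `m->manifestdata[m->manifest_body_bytes - 1]` in particular depends on the preceding asserts for its bounds. The function body starts and ends outside this hunk, so what callers guarantee is not visible here.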


@ -507,6 +507,7 @@ int rhizome_manifest_extract_signature(rhizome_manifest *m, unsigned *ofs)
if (*ofs + len > m->manifest_all_bytes) {
WARNF("Invalid signature at offset %u: type=%#02x gives len=%u that overruns manifest size",
*ofs, sigType, len);
*ofs = m->manifest_all_bytes;
RETURN(1);
}
*ofs += len;
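Review bot: The bound check `*ofs + len > m->manifest_all_bytes` adds two values that appear to be unsigned (both are printed with `%u`) before comparing, so it depends on the sum not wrapping; `len > m->manifest_all_bytes - *ofs` avoids that, provided `*ofs <= m->manifest_all_bytes` holds on entry, which this hunk does not show. The line `*ofs = m->manifest_all_bytes;` (apparently the one added) stops the caller's loop by moving the offset to the end of the manifest, and it deserves a comment saying so, e.g. `// Consume the rest of the manifest so the caller's extraction loop terminates`. That fix relies on every caller looping on `*ofs < m->manifest_all_bytes`; the callers are outside this page, and the function body starts before and continues after the hunk.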