| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 4 Feb 2013 14:06:41 +1100
From: Stephen Rothwell <sfr@...b.auug.org.au>
To: James Morris <jmorris@...ei.org>
Cc: linux-next@...r.kernel.org, linux-kernel@...r.kernel.org,
YOSHIFUJI Hideaki <yoshfuji@...ux-ipv6.org>,
Dmitry Kasatkin <dmitry.kasatkin@...el.com>
Subject: linux-next: manual merge of the security tree with Linus' tree
Hi James,
Today's linux-next merge of the security tree got a conflict in
lib/digsig.c between commit 7810cc1e7721 ("digsig: Fix memory leakage in
digsig_verify_rsa()") from Linus' tree and commit 26d438457ed1 ("digsig:
remove unnecessary memory allocation and copying") from the security tree.
I fixed it up (see below) and can carry the fix as necessary (no action
is required).
--
Cheers,
Stephen Rothwell sfr@...b.auug.org.au
diff --cc lib/digsig.c
index dc2be7e,0103c5b..0000000
--- a/lib/digsig.c
+++ b/lib/digsig.c
@@@ -162,13 -152,9 +152,11 @@@ static int digsig_verify_rsa(struct ke
memset(out1, 0, head);
memcpy(out1 + head, p, l);
+ kfree(p);
+
- err = pkcs_1_v1_5_decode_emsa(out1, len, mblen, out2, &len);
- if (err)
- goto err;
+ m = pkcs_1_v1_5_decode_emsa(out1, len, mblen, &len);
- if (len != hlen || memcmp(out2, h, hlen))
+ if (!m || len != hlen || memcmp(m, h, hlen))
err = -EINVAL;
err:
Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists