lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <20130204140641.076d7621651d346448fc58f7@canb.auug.org.au>
Date:	Mon, 4 Feb 2013 14:06:41 +1100
From:	Stephen Rothwell <sfr@...b.auug.org.au>
To:	James Morris <jmorris@...ei.org>
Cc:	linux-next@...r.kernel.org, linux-kernel@...r.kernel.org,
	YOSHIFUJI Hideaki <yoshfuji@...ux-ipv6.org>,
	Dmitry Kasatkin <dmitry.kasatkin@...el.com>
Subject: linux-next: manual merge of the security tree with Linus' tree

Hi James,

Today's linux-next merge of the security tree got a conflict in
lib/digsig.c between commit 7810cc1e7721 ("digsig: Fix memory leakage in
digsig_verify_rsa()") from Linus' tree and commit 26d438457ed1 ("digsig:
remove unnecessary memory allocation and copying") from the security tree.

I fixed it up (see below) and can carry the fix as necessary (no action
is required).

-- 
Cheers,
Stephen Rothwell                    sfr@...b.auug.org.au

diff --cc lib/digsig.c
index dc2be7e,0103c5b..0000000
--- a/lib/digsig.c
+++ b/lib/digsig.c
@@@ -162,13 -152,9 +152,11 @@@ static int digsig_verify_rsa(struct ke
  	memset(out1, 0, head);
  	memcpy(out1 + head, p, l);
  
 +	kfree(p);
 +
- 	err = pkcs_1_v1_5_decode_emsa(out1, len, mblen, out2, &len);
- 	if (err)
- 		goto err;
+ 	m = pkcs_1_v1_5_decode_emsa(out1, len, mblen, &len);
  
- 	if (len != hlen || memcmp(out2, h, hlen))
+ 	if (!m || len != hlen || memcmp(m, h, hlen))
  		err = -EINVAL;
  
  err:

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ