[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gsasl branch, gsasl_1_4_x, updated. gsasl-1-4-2-2-g0b75dda
From: |
Simon Josefsson |
Subject: |
[SCM] GNU gsasl branch, gsasl_1_4_x, updated. gsasl-1-4-2-2-g0b75dda |
Date: |
Thu, 25 Mar 2010 09:13:46 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gsasl".
http://git.savannah.gnu.org/cgit/gsasl.git/commit/?id=0b75dda062ff88870a14ffb5301be1a69847ec3e
The branch, gsasl_1_4_x has been updated
via 0b75dda062ff88870a14ffb5301be1a69847ec3e (commit)
from 39da1d85b0b2ad783cdb79da24af9766f7ab0902 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 0b75dda062ff88870a14ffb5301be1a69847ec3e
Author: Simon Josefsson <address@hidden>
Date: Thu Mar 25 10:12:28 2010 +0100
SCRAM: Don't read out of bounds when parsing tokens.
-----------------------------------------------------------------------
Summary of changes:
lib/NEWS | 2 ++
lib/scram/parser.c | 8 ++++----
2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/lib/NEWS b/lib/NEWS
index 1b6f1b2..94d40c3 100644
--- a/lib/NEWS
+++ b/lib/NEWS
@@ -4,6 +4,8 @@ See the end for copying conditions.
* Version 1.4.3 (unreleased) [stable]
+** SCRAM: Don't read out of bounds when parsing tokens.
+
** API and ABI modifications.
No changes since last version.
diff --git a/lib/scram/parser.c b/lib/scram/parser.c
index a7fbff5..3a38bb0 100644
--- a/lib/scram/parser.c
+++ b/lib/scram/parser.c
@@ -76,7 +76,7 @@ scram_parse_client_first (const char *str, size_t len,
struct scram_client_first *cf)
{
/* Minimum client first string is 'n,,n=a,r=b'. */
- if (strlen (str) < 10)
+ if (strnlen (str, len) < 10)
return -1;
if (len == 0 || *str != 'n')
@@ -199,7 +199,7 @@ scram_parse_server_first (const char *str, size_t len,
struct scram_server_first *sf)
{
/* Minimum server first string is 'r=ab,s=biws,i=1'. */
- if (strlen (str) < 15)
+ if (strnlen (str, len) < 15)
return -1;
if (len == 0 || *str != 'r')
@@ -308,7 +308,7 @@ scram_parse_client_final (const char *str, size_t len,
struct scram_client_final *cl)
{
/* Minimum client final string is 'c=biws,r=ab,p=ab=='. */
- if (strlen (str) < 18)
+ if (strnlen (str, len) < 18)
return -1;
if (len == 0 || *str != 'c')
@@ -413,7 +413,7 @@ scram_parse_server_final (const char *str, size_t len,
struct scram_server_final *sl)
{
/* Minimum client final string is 'v=ab=='. */
- if (strlen (str) < 6)
+ if (strnlen (str, len) < 6)
return -1;
if (len == 0 || *str != 'v')
hooks/post-receive
--
GNU gsasl
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gsasl branch, gsasl_1_4_x, updated. gsasl-1-4-2-2-g0b75dda,
Simon Josefsson <=