Diffusion GPGME 2cbd76f7911f

Fix possible realloc overflow for gpgsm and uiserver engines.
2cbd76f7911f (Unpublished)


Not On Permanent Ref: This commit is not an ancestor of any permanent ref.

Description

Fix possible realloc overflow for gpgsm and uiserver engines.

* src/engine-gpgsm.c (status_handler):
* src/engine-uiserver.c (status_handler):

After a realloc (realloc is also used for initial alloc) the allocated
size of the buffer is not correctly recorded. Thus an overflow can be
introduced by receiving data with different line lengths in a specific
order. This is not easily exploitable because libassuan constructs the
line. However a crash has been reported and thus it might be possible
to construct an exploit.

CVE-id: CVE-2014-3564

  • Reported-by: Tomáš Trnka
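
The bookkeeping error described in the commit message, as an added sketch that is not GPGME's code and not taken from this commit: a line buffer whose recorded capacity can drift above the size actually passed to realloc, beside the version that records the real size. The form of the stale update is an assumption (the page does not show the diff), and `struct attic`, `attic_append`, `replay` and the chunk lengths are hypothetical and constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum mode { STALE, FIXED };          /* hypothetical names for this sketch */
struct attic {
    char  *line;
    size_t linesize;                 /* capacity the code believes it has */
    size_t linelen;                  /* bytes of the pending partial line */
    size_t real;                     /* true allocation, kept only to audit */
};

/* 0 = appended, -1 = allocation failure, 1 = the write would pass the end of
   the real allocation (the copy is skipped so the demo stays well-defined). */
static int attic_append(struct attic *a, const char *src, size_t n, enum mode m)
{
    size_t need = a->linelen + n + 1;            /* data plus terminating NUL */
    if (need <= n) return -1;                    /* size_t wrap-around */
    if (a->linesize < need) {
        char *p = realloc(a->line, need);        /* also the initial alloc */
        if (!p) return -1;
        a->line = p; a->real = need;
        if (m == STALE) a->linesize += n + 1;    /* assumed bug: drifts above need */
        else            a->linesize = need;      /* record what realloc was given */
    }
    if (need > a->real) return 1;                /* recorded capacity was wrong */
    memcpy(a->line + a->linelen, src, n);
    a->linelen += n;
    a->line[a->linelen] = '\0';
    return 0;
}

/* Replays constructed chunk lengths; returns index of first unsafe append or -1. */
static int replay(enum mode m)
{
    static const size_t len[]  = { 10, 5, 10, 20 };   /* constructed input */
    static const int    done[] = {  1, 0,  1,  0 };   /* 1 = line complete */
    char chunk[32];
    struct attic a = { 0 };
    int bad = -1;
    memset(chunk, 'x', sizeof chunk);
    for (int i = 0; i < 4 && bad < 0; i++) {
        if (attic_append(&a, chunk, len[i], m) == 1) bad = i;
        if (done[i]) a.linelen = 0;              /* line consumed, buffer kept */
    }
    free(a.line);
    return bad;
}

int main(void) { printf("stale: %d, fixed: %d\n", replay(STALE), replay(FIXED)); return 0; }
```

With the stale update the recorded capacity reaches 22 while only 16 bytes are allocated, so the fourth chunk passes the capacity check without a realloc; recording the requested size forces the realloc instead.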

Details

Provenance
werner authored on Jul 30 2014, 11:04 AM
Parents
rM68116fa5f672: w32: Get IOSPAWN flag back in sync with spawn helper.
Branches
Unknown
Tags
Unknown
