commit: 9d37ff891f244eb042a906d35abdd0542314b968
Author: Ulrich Müller <ulm <AT> gentoo <DOT> org>
AuthorDate: Sat Dec 12 10:51:29 2015 +0000
Commit: Ulrich Müller <ulm <AT> gentoo <DOT> org>
CommitDate: Sat Dec 12 10:51:29 2015 +0000
URL: https://gitweb.gentoo.org/dev/ulm.git/commit/?id=9d37ff89
otpcalc: Add 08_all_extract.patch.
Port changes to the extract() function from the skey patchset,
fixing an out-of-bounds read.
Fix signedness of first function argument.
patchsets/otpcalc/0.97/08_all_extract.patch | 39 +++++++++++++++++++++++++++++
1 file changed, 39 insertions(+)
diff --git a/patchsets/otpcalc/0.97/08_all_extract.patch
b/patchsets/otpcalc/0.97/08_all_extract.patch
new file mode 100644
index 0000000..0f0cf41
--- /dev/null
+++ b/patchsets/otpcalc/0.97/08_all_extract.patch
@@ -0,0 +1,39 @@
+Port changes to the extract() function from the skey patchset,
+fixing an out-of-bounds read.
+
+Fix signedness of first function argument.
+
+--- otpCalc-0.97-orig/utility.c
++++ otpCalc-0.97/utility.c
+@@ -28,21 +28,21 @@
+ #include "utility.h"
+
+
+-static unsigned short extract(char *s, int start, int length)
++static unsigned short extract(unsigned char *s, int start, int length)
+ {
+
+- unsigned char cl;
+- unsigned char cc;
+- unsigned char cr;
+ unsigned int x;
++ int end, i;
+
+
+- cl = s[start / 8];
+- cc = s[start / 8 + 1];
+- cr = s[start / 8 + 2];
+- x = ((int) (cl << 8 | cc) << 8 | cr);
+- x = x >> (24 - (length + (start % 8)));
+- x = (x & (0xffff >> (16 - length)));
++ end = start + length - 1;
++ x = 0;
++ for (i = start / 8; i <= end / 8; i++) {
++ x <<= 8;
++ x |= s[i];
++ }
++ x >>= 7 - end % 8;
++ x &= (1 << length) - 1;
+
+ return (unsigned short)x;
+
