commit:     62b38c216dc300d3300f24a19d8de5ff6fc644bb
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Dec 20 10:34:22 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Dec 20 10:35:08 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=62b38c21

app-crypt/mhash: fix UAF in tests

Closes: https://bugs.gentoo.org/914173
Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../mhash/files/mhash-0.9.9.9-hmac-uaf-test.patch     | 19 +++++++++++++++++++
 app-crypt/mhash/mhash-0.9.9.9-r3.ebuild               |  1 +
 2 files changed, 20 insertions(+)

diff --git a/app-crypt/mhash/files/mhash-0.9.9.9-hmac-uaf-test.patch 
b/app-crypt/mhash/files/mhash-0.9.9.9-hmac-uaf-test.patch
new file mode 100644
index 000000000000..cd9b3c041891
--- /dev/null
+++ b/app-crypt/mhash/files/mhash-0.9.9.9-hmac-uaf-test.patch
@@ -0,0 +1,19 @@
+https://bugs.gentoo.org/914173
+https://sourceforge.net/p/mhash/patches/12/
+https://sourceforge.net/p/mhash/bugs/43/
+
+Fixes a segfault due to use-after-free on x86 & ARM in the test suite.
+
+Index: mhash-0.9.9.9/src/hmac_test.c
+===================================================================
+--- mhash-0.9.9.9/src/hmac_test.c
++++ mhash-0.9.9.9/src/hmac_test.c      2020-04-01 00:04:44.039815882 +0200
+@@ -76,8 +76,6 @@
+ 
+       /* Test No 2 */ 
+       
+-      mutils_memset(tmp, 0, sizeof(tmp));
+-      
+       passlen=sizeof(KEY2) - 1;
+       password = (mutils_word8 *) mutils_malloc(passlen+1);
+       mutils_memcpy(password, KEY2, passlen);
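Review bot: The patch header says the segfault is a use-after-free but does not name the object, and the context lines around the dropped `mutils_memset(tmp, 0, sizeof(tmp));` do not show where `tmp` was released or that Test No 2 assigns it again before reading it. Presumably `tmp` is freed at the end of Test No 1 and reassigned from the HMAC result later in Test No 2, but that lies outside the hunk, as does the rest of the enclosing function, so it should be confirmed against hmac_test.c. I would add one sentence to the header, for example `The removed mutils_memset() wrote to tmp after Test No 1 had already freed it; tmp is assigned again before its next use.` That lets a later maintainer see that removing the call is the complete fix, not a workaround that hides a stale pointer.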

diff --git a/app-crypt/mhash/mhash-0.9.9.9-r3.ebuild 
b/app-crypt/mhash/mhash-0.9.9.9-r3.ebuild
index e2dff3f8b8ba..59e8dcb9010e 100644
--- a/app-crypt/mhash/mhash-0.9.9.9-r3.ebuild
+++ b/app-crypt/mhash/mhash-0.9.9.9-r3.ebuild
@@ -26,6 +26,7 @@ PATCHES=(
        "${FILESDIR}"/${P}-align.patch
        "${FILESDIR}"/${P}-alignment.patch
        "${FILESDIR}"/${P}-no-malloc-check.patch
+       "${FILESDIR}"/${P}-hmac-uaf-test.patch
 )
 
 DOCS=( doc/example.c doc/skid2-authentication )
