27 lines
909 B
Diff
27 lines
909 B
Diff
The package app-crypt/mhash-0.9.9 as well as app-crypt/mhash-0.9.9-r1 are
|
|
affected by a bug which causes a NULL ptr dereference in whirlpool/snefru
|
|
digest-completion functionality.
|
|
|
|
In this patch, whirlpool and snefru's code is updated to bail if 'digest' is
|
|
NULL. The code portion aborted is only responsible for writing data to the
|
|
digest, so this appears to be correct behavior.
|
|
|
|
Patch already submitted upstream, but depending on speed, this may be faster to
|
|
patch in a new patchset.
|
|
|
|
Gentoo-Bug: 255131
|
|
Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=255131
|
|
Patch-URL: http://bugs.gentoo.org/attachment.cgi?id=178666&action=view
|
|
Signed-off-by: Thomas Harning <harningt@gmail.com>
|
|
|
|
--- a/lib/snefru.c
|
|
+++ b/lib/snefru.c
|
|
@@ -859,6 +859,8 @@
|
|
{
|
|
mutils_word32 i;
|
|
|
|
+ if(!digest) return;
|
|
+
|
|
for (i = 0; i < len; i++, digest += 4)
|
|
{
|
|
*(mutils_word32 *)digest = mutils_bend2sys32(ctx->hash[i]);
|