This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU gsasl".
http://git.savannah.gnu.org/cgit/gsasl.git/commit/?id=0b75dda062ff88870a14ffb5301be1a69847ec3e The branch, gsasl_1_4_x has been updated via 0b75dda062ff88870a14ffb5301be1a69847ec3e (commit) from 39da1d85b0b2ad783cdb79da24af9766f7ab0902 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 0b75dda062ff88870a14ffb5301be1a69847ec3e Author: Simon Josefsson <[email protected]> Date: Thu Mar 25 10:12:28 2010 +0100 SCRAM: Don't read out of bounds when parsing tokens. ----------------------------------------------------------------------- Summary of changes: lib/NEWS | 2 ++ lib/scram/parser.c | 8 ++++---- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/lib/NEWS b/lib/NEWS index 1b6f1b2..94d40c3 100644 --- a/lib/NEWS +++ b/lib/NEWS @@ -4,6 +4,8 @@ See the end for copying conditions. * Version 1.4.3 (unreleased) [stable] +** SCRAM: Don't read out of bounds when parsing tokens. + ** API and ABI modifications. No changes since last version. diff --git a/lib/scram/parser.c b/lib/scram/parser.c index a7fbff5..3a38bb0 100644 --- a/lib/scram/parser.c +++ b/lib/scram/parser.c @@ -76,7 +76,7 @@ scram_parse_client_first (const char *str, size_t len, struct scram_client_first *cf) { /* Minimum client first string is 'n,,n=a,r=b'. */ - if (strlen (str) < 10) + if (strnlen (str, len) < 10) return -1; if (len == 0 || *str != 'n') @@ -199,7 +199,7 @@ scram_parse_server_first (const char *str, size_t len, struct scram_server_first *sf) { /* Minimum server first string is 'r=ab,s=biws,i=1'. */ - if (strlen (str) < 15) + if (strnlen (str, len) < 15) return -1; if (len == 0 || *str != 'r') 
@@ -308,7 +308,7 @@ scram_parse_client_final (const char *str, size_t len, struct scram_client_final *cl) { /* Minimum client final string is 'c=biws,r=ab,p=ab=='. */ - if (strlen (str) < 18) + if (strnlen (str, len) < 18) return -1; if (len == 0 || *str != 'c') @@ -413,7 +413,7 @@ scram_parse_server_final (const char *str, size_t len, struct scram_server_final *sl) { /* Minimum client final string is 'v=ab=='. */ - if (strlen (str) < 6) + if (strnlen (str, len) < 6) return -1; if (len == 0 || *str != 'v') hooks/post-receive -- GNU gsasl _______________________________________________ Gsasl-commit mailing list [email protected] http://lists.gnu.org/mailman/listinfo/gsasl-commit
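Review bot: in the scram_parse_client_first hunk, the unchanged `if (len == 0 || *str != 'n')` right after the new check can no longer be reached with len == 0, because `strnlen (str, len) < 10` already returns -1 for every len below 10. Drop the `len == 0` half of that condition, or move it above the length check if it is meant to be the guard. The matching conditions in the other three parser functions have the same dead test.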
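Review bot: `strnlen` in the scram_parse_server_first hunk (and in the three sibling hunks) is a POSIX.1-2008 function, not ISO C, and the summary of changes lists only lib/NEWS and lib/scram/parser.c. Please confirm the build already provides a replacement on platforms that lack it, or add one as part of this commit.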
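Review bot: in the scram_parse_client_final hunk, `strnlen (str, len) < 18` does two things at once: it bounds the scan by len, and it rejects any buffer that has a NUL byte within its first 18 bytes even when len is 18 or more. If the rest of the parser treats the input as len-delimited, a plain `len < 18` states the minimum-length rule without scanning the buffer at all. If rejecting an early NUL is intended, a short comment saying so would help, since the existing comment only mentions the minimum string. The same question applies to the 10, 15 and 6 byte checks in the other hunks.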
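Review bot: the context comment in the scram_parse_server_final hunk reads "Minimum client final string is 'v=ab=='", but this function parses the server final message. Since the line directly below it is being touched anyway, correct the comment to say "server final" in the same commit.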
