[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [MiNT] [PATCH] XaAES regression in ob_fix_shortcuts()

To: mint@lists.fishpool.fi
Subject: Re: [MiNT] [PATCH] XaAES regression in ob_fix_shortcuts()
From: Vincent Rivière <vincent.riviere@freesbee.fr>
Date: Tue, 27 Nov 2012 23:27:46 +0100
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=sender:message-id:date:from:user-agent:mime-version:to:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=RWXOvrt6ckqYsEFNArtdLs8xjWGKppP/fFK+ddwTWqI=; b=SzjXufwjLwGY3TnMXMghlh5Jc0tGeMGbiiiMhDRRn75ZL5QvPVtkt3wYVJobCSUi1h 9h6yo33ArqHyJfzafGPX21amobpIMCBIvq21pM9XMUfgaMf7qf+FEeRwDJjGzyTs5J9s zjV7+9F+JBbX91XDovazUmbFRLR5h8VVth0F0lOTfQCxphqT1i8eogBaNlk7LuPXtKW3 dgaTkHcMgpCogFNtGlNH6+MG6NDmyytv/sB+NLmIP/mDYTJ5M9vzliWC+A5BzdV1aLuG 03gfYfMtep8k4px2MgYxoYYZgvuEuCF2qzGxdKmT4fhKmSc24ykxb2jCetLd6AwWplSI atqw==
In-reply-to: <op.woga60ejofd6j1@nebbiolo>
List-help: <mailto:ecartis@lists.fishpool.fi?Subject=help>
List-id: <mint.lists.fishpool.fi>
List-owner: <mailto:tjhukkan@fishpool.fi>
List-post: <mailto:mint@lists.fishpool.fi>
List-subscribe: <mailto:mint-request@lists.fishpool.fi?Subject=subscribe>
List-unsubscribe: <mailto:mint-request@lists.fishpool.fi?Subject=unsubscribe>
References: <50A94E7D.8000005@freesbee.fr> <50B3DE48.3010107@freesbee.fr> <op.woenc6ikofd6j1@nebbiolo> <op.woeom70jofd6j1@nebbiolo> <50B52207.9050306@freesbee.fr> <op.wogae0gfofd6j1@nebbiolo> <op.woga60ejofd6j1@nebbiolo>
Sender: mint-bounce@lists.fishpool.fi
User-agent: Mozilla/5.0 (Windows NT 5.1; rv:17.0) Gecko/17.0 Thunderbird/17.0

On 27/11/2012 22:26, Helmut Karlowski wrote:

That one's better ...


Good.
I see that you have committed your changes.

I have recompiled XaAES from CVS, it works fine, now :-)
Thank you, Helmut.
I consider that the issue is fixed.

BTW, I see something which looks wrong in your patch:
while (scuts->c && scuts-sc < objs)

In C, && expressions are evaluated from left to right.

This means that in the case of (scuts-sc < objs) (which actually meansbuffer overflow) you still have accessed scuts->c just before. This meansthat you have accessed the area just after the buffer, which may be aforbidden area, etc.


If you reverse the && operands, that will be OK.

Also, there is something strange in the allocation :
len = ((long)objs + 1) * sizeof(struct sc);

That +1 may indicate that the sc array may be terminated by a null entry.I'm not sure, because I didn't look carefully to the code. But you shouldensure that the code will behave well when the buffer is full. I mean nearto overflow, when there is no more room for that +1 entry.


--
Vincent Rivière

Follow-Ups:
- Re: [MiNT] [PATCH] XaAES regression in ob_fix_shortcuts()
  - From: "Helmut Karlowski" <helmut.karlowski@ish.de>

References:
- [MiNT] XaAES regression in launch()
  - From: Vincent Rivière <vincent.riviere@freesbee.fr>
- Re: [MiNT] XaAES regression in ob_fix_shortcuts() (was: in launch())
  - From: Vincent Rivière <vincent.riviere@freesbee.fr>
- Re: [MiNT] XaAES regression in ob_fix_shortcuts() (was: in launch())
  - From: "Helmut Karlowski" <helmut.karlowski@ish.de>
- Re: [MiNT] XaAES regression in ob_fix_shortcuts() (was: in launch())
  - From: "Helmut Karlowski" <helmut.karlowski@ish.de>
- Re: [MiNT] [PATCH] XaAES regression in ob_fix_shortcuts()
  - From: Vincent Rivière <vincent.riviere@freesbee.fr>
- Re: [MiNT] [PATCH] XaAES regression in ob_fix_shortcuts()
  - From: "Helmut Karlowski" <helmut.karlowski@ish.de>
- Re: [MiNT] [PATCH] XaAES regression in ob_fix_shortcuts()
  - From: "Helmut Karlowski" <helmut.karlowski@ish.de>

Prev by Date: Re: [MiNT] [PATCH] XaAES regression in ob_fix_shortcuts()
Next by Date: Re: [MiNT] [PATCH] XaAES regression in ob_fix_shortcuts()
Previous by thread: Re: [MiNT] [PATCH] XaAES regression in ob_fix_shortcuts()
Next by thread: Re: [MiNT] [PATCH] XaAES regression in ob_fix_shortcuts()
Index(es):
- Date
- Thread