[Pkg-bitcoin-commits] [groestlcoin] 02/03: Add patch cherry-picked from Bitcoin, to fix securely erase CBase58Data::SetString temprorary buffer.

Jonas Smedegaard dr at jones.dk
Sun Apr 24 18:56:05 UTC 2016 

This is an automated email from the git hooks/post-receive script.

js pushed a commit to branch master
in repository groestlcoin.

commit 5430a61d6c7e88f77b91dbc8099baa9f82102be2
Author: Jonas Smedegaard <dr at jones.dk>
Date:   Sun Apr 24 18:23:43 2016 +0200

    Add patch cherry-picked from Bitcoin, to fix securely erase CBase58Data::SetString temprorary buffer.
---
 debian/patches/0bitcoin20160418~5770449.patch | 19 +++++++++++++++++++
 debian/patches/series                         |  1 +
 2 files changed, 20 insertions(+)

diff --git a/debian/patches/0bitcoin20160418~5770449.patch b/debian/patches/0bitcoin20160418~5770449.patch
new file mode 100644
index 0000000..14c5a86
--- /dev/null
+++ b/debian/patches/0bitcoin20160418~5770449.patch
@@ -0,0 +1,19 @@
+Description: CBase58Data::SetString: cleanse the full vector
+ SetString seems to be passing the length of the wrong variable to
+ memory_cleanse, resulting in the last byte of the temporary buffer not
+ being securely erased.
+Author: Kaz Wesley <keziahw at gmail.com>
+Origin: other, https://github.com/bitcoin/bitcoin/commit/5770449
+Last-Update: 2016-04-24
+
+--- a/src/base58.cpp
++++ b/src/base58.cpp
+@@ -177,7 +177,7 @@
+     vchData.resize(vchTemp.size() - nVersionBytes);
+     if (!vchData.empty())
+         memcpy(&vchData[0], &vchTemp[nVersionBytes], vchData.size());
+-    memory_cleanse(&vchTemp[0], vchData.size());
++    memory_cleanse(&vchTemp[0], vchTemp.size());
+     return true;
+ }
+ 
diff --git a/debian/patches/series b/debian/patches/series
index 454e859..da7ed32 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -24,5 +24,6 @@
 0bitcoin20160131~62f7f2e.patch
 0bitcoin20160210~ae6eca0.patch
 0bitcoin20160309~3252208.patch
+0bitcoin20160418~5770449.patch
 1001_use_system_leveldb.patch
 1002_use_system_secp256k1.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-bitcoin/groestlcoin.git

More information about the Pkg-bitcoin-commits mailing list