[Pkg-silc-commits] r105 - in /silc-client/trunk: debian/changelog debian/control lib/silcapputil/silcapputil.c lib/silcsftp/sftp_client.c lib/silcutil/silcmime.c
lunar at users.alioth.debian.org
lunar at users.alioth.debian.org
Wed Jun 27 13:27:45 UTC 2007
Author: lunar
Date: Wed Jun 27 13:27:45 2007
New Revision: 105
URL: http://svn.debian.org/wsvn/pkg-silc/?sc=1&rev=105
Log:
* Depends on libsilc-1.1-2-dev to get security fixes into silc package.
* Backport fixes (for irssi-plugin-silc) to silc_create_key_pair(),
silc_mime_decode() (exploitable buffer overflow) and
silc_sftp_client_io (exploitable buffer overflow) from silc-toolkit 1.1.1.
Modified:
silc-client/trunk/debian/changelog
silc-client/trunk/debian/control
silc-client/trunk/lib/silcapputil/silcapputil.c
silc-client/trunk/lib/silcsftp/sftp_client.c
silc-client/trunk/lib/silcutil/silcmime.c
Modified: silc-client/trunk/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-silc/silc-client/trunk/debian/changelog?rev=105&op=diff
==============================================================================
--- silc-client/trunk/debian/changelog (original)
+++ silc-client/trunk/debian/changelog Wed Jun 27 13:27:45 2007
@@ -1,3 +1,12 @@
+silc-client (1.1-2) unstable; urgency=low
+
+ * Depends on libsilc-1.1-2-dev to get security fixes into silc package.
+ * Backport fixes (for irssi-plugin-silc) to silc_create_key_pair(),
+ silc_mime_decode() (exploitable buffer overflow) and
+ silc_sftp_client_io (exploitable buffer overflow) from silc-toolkit 1.1.1.
+
+ -- Jérémy Bobbio <lunar at debian.org> Wed, 27 Jun 2007 14:12:48 +0200
+
silc-client (1.1-1) unstable; urgency=low
* New upstream release
Modified: silc-client/trunk/debian/control
URL: http://svn.debian.org/wsvn/pkg-silc/silc-client/trunk/debian/control?rev=105&op=diff
==============================================================================
--- silc-client/trunk/debian/control (original)
+++ silc-client/trunk/debian/control Wed Jun 27 13:27:45 2007
@@ -4,7 +4,7 @@
Maintainer: Debian SILC Team <pkg-silc-devel at lists.alioth.debian.org>
Uploaders: Jérémy Bobbio <lunar at debian.org>
Standards-Version: 3.7.2
-Build-Depends: debhelper (>> 5), libglib2.0-dev, ncurses-dev, autotools-dev, libsilc-1.1-1-dev, libperl-dev
+Build-Depends: debhelper (>> 5), libglib2.0-dev, ncurses-dev, autotools-dev, libsilc-1.1-2-dev, libperl-dev
XS-Vcs-Svn: svn://svn.debian.org/pkg-silc/silc-client/trunk
XS-Vcs-Browser: http://svn.debian.org/wsvn/pkg-silc/silc-client/trunk
Modified: silc-client/trunk/lib/silcapputil/silcapputil.c
URL: http://svn.debian.org/wsvn/pkg-silc/silc-client/trunk/lib/silcapputil/silcapputil.c?rev=105&op=diff
==============================================================================
--- silc-client/trunk/lib/silcapputil/silcapputil.c (original)
+++ silc-client/trunk/lib/silcapputil/silcapputil.c Wed Jun 27 13:27:45 2007
@@ -144,6 +144,12 @@
}
silc_free(def);
+ }
+
+ if (!strstr(identifier, "UN=") || !strstr(identifier, "HN=")) {
+ fprintf(stderr, "Invalid public key identifier. You must specify both "
+ "UN and HN\n");
+ return FALSE;
}
rng = silc_rng_alloc();
@@ -202,12 +208,14 @@
return FALSE;
/* Save public key into file */
- silc_pkcs_save_public_key(pkfile, public_key, SILC_PKCS_FILE_BASE64);
+ if (!silc_pkcs_save_public_key(pkfile, public_key, SILC_PKCS_FILE_BASE64))
+ return FALSE;
/* Save private key into file */
- silc_pkcs_save_private_key(prvfile, private_key,
- (const unsigned char *)pass, strlen(pass),
- SILC_PKCS_FILE_BIN, rng);
+ if (!silc_pkcs_save_private_key(prvfile, private_key,
+ (const unsigned char *)pass, strlen(pass),
+ SILC_PKCS_FILE_BIN, rng))
+ return FALSE;
if (return_public_key)
*return_public_key = public_key;
Modified: silc-client/trunk/lib/silcsftp/sftp_client.c
URL: http://svn.debian.org/wsvn/pkg-silc/silc-client/trunk/lib/silcsftp/sftp_client.c?rev=105&op=diff
==============================================================================
--- silc-client/trunk/lib/silcsftp/sftp_client.c (original)
+++ silc-client/trunk/lib/silcsftp/sftp_client.c Wed Jun 27 13:27:45 2007
@@ -330,7 +330,7 @@
void *context)
{
SilcSFTPClient sftp = context;
- unsigned char inbuf[63488];
+ unsigned char inbuf[65536];
SilcBufferStruct packet;
int ret;
Modified: silc-client/trunk/lib/silcutil/silcmime.c
URL: http://svn.debian.org/wsvn/pkg-silc/silc-client/trunk/lib/silcutil/silcmime.c?rev=105&op=diff
==============================================================================
--- silc-client/trunk/lib/silcutil/silcmime.c (original)
+++ silc-client/trunk/lib/silcutil/silcmime.c Wed Jun 27 13:27:45 2007
@@ -198,6 +198,7 @@
if (field && strstr(field, "multipart")) {
char b[1024];
SilcMime p;
+ unsigned int len;
mime->multiparts = silc_dlist_init();
if (!mime->multiparts)
@@ -213,7 +214,10 @@
if (!strchr(field, ';'))
goto err;
memset(b, 0, sizeof(b));
- strncat(b, value, strchr(field, ';') - value);
+ len = (unsigned int)(strchr(field, ';') - value);
+ if (len > sizeof(b) - 1)
+ goto err;
+ strncpy(b, value, len);
if (strchr(b, '"'))
*strchr(b, '"') = '\0';
mime->multitype = silc_memdup(b, strlen(b));
More information about the Pkg-silc-commits
mailing list