
corosync-2.3.5-2.1.mga6.src.rpm

--- corosync-2.3.5/exec/totemcrypto.c.orig	2015-07-01 18:15:45.000000000 +0300
+++ corosync-2.3.5/exec/totemcrypto.c	2018-04-14 11:19:20.598726242 +0300
@@ -627,6 +627,11 @@
 		unsigned char	tmp_hash[hash_len[instance->crypto_hash_type]];
 		int             datalen = *buf_len - hash_len[instance->crypto_hash_type];
 
+		if (*buf_len <= hash_len[instance->crypto_hash_type]) {
+			log_printf(instance->log_level_security, "Received message is too short...  ignoring");
+			return -1;
+		}
+
 		if (calculate_nss_hash(instance, buf, datalen, tmp_hash) < 0) {
 			return -1;
 		}
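Review bot: The new guard compares `*buf_len` directly with `hash_len[...]`, and the context line just above it has already evaluated `*buf_len - hash_len[...]` into the `int datalen` before the guard runs. The declarations are outside the hunk, but if `*buf_len` is a signed int and `hash_len` holds an unsigned size type, a negative length would be converted to a large unsigned value and pass the `<=` test. Writing it as `if (*buf_len < 0 || (size_t)*buf_len <= hash_len[instance->crypto_hash_type])` removes the dependence on the implicit conversion. Assigning `datalen` only after the guard would also make it plain that the subtraction is never performed on a too-short packet. The enclosing function begins and ends outside the hunk.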
@@ -736,6 +741,12 @@
 {
 	struct crypto_config_header *cch = (struct crypto_config_header *)buf;
 
+	if (*buf_len <= sizeof(struct crypto_config_header)) {
+		log_printf(instance->log_level_security, "Received message is too short...  ignoring");
+
+		return (-1);
+	}
+
 	if (cch->crypto_cipher_type != CRYPTO_CIPHER_TYPE_2_3) {
 		log_printf(instance->log_level_security,
 			   "Incoming packet has different crypto type. Rejecting");
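Review bot: Both new guards log the identical string `"Received message is too short...  ignoring"`, so someone reading the security log cannot tell whether a packet failed the header-size check here or the hash-length check in the first hunk. A distinct message at each site, for example `"Received message is shorter than the crypto header...  ignoring"` here, would make triage of malformed traffic easier. The two guards also differ in form (`return (-1);` after a blank line here, `return -1;` in the first hunk), and one form would read more cleanly. This check covers only the header size. The function continues outside the hunk, so it is not visible whether the remaining length is checked against the hash size after the header is consumed.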