[Sec 2667] buffer overflow in crypto_recv()
authorHarlan Stenn <stenn@ntp.org>
Fri, 12 Dec 2014 11:06:53 +0000 (11:06 +0000)
committerHarlan Stenn <stenn@ntp.org>
Fri, 12 Dec 2014 11:06:53 +0000 (11:06 +0000)
bk: 548acc4dN1TbM1tRJrbPcA4yc1aTdA

ChangeLog
ntpd/ntp_crypto.c

index b21dae7d4747bf6f24bc9ce713b893b3b94c2dce..4ae917c14d796de2150d80185af37b20e9227d0e 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,4 @@
+* [Sec 2667] buffer overflow in crypto_recv().
 * [Bug 2686] refclock_gpsdjson needs strtoll(), which is not always present.
 (4.2.7p484-RC) 2014/12/11 Released by Harlan Stenn <stenn@ntp.org>
 (4.2.7p483) 2014/12/08 Released by Harlan Stenn <stenn@ntp.org>
index e66d5c782ba8cefda63d797373e5e156644a9ad4..08a1c9f2bcd112aec8b234d8bf5e3eb0ee1c63d1 100644 (file)
@@ -820,15 +820,24 @@ crypto_recv(
                         * errors.
                         */
                        if (vallen == (u_int)EVP_PKEY_size(host_pkey)) {
+                               u_int32 *cookiebuf = malloc(
+                                   RSA_size(host_pkey->pkey.rsa));
+                               if (!cookiebuf) {
+                                       rval = XEVNT_CKY;
+                                       break;
+                               }
+
                                if (RSA_private_decrypt(vallen,
                                    (u_char *)ep->pkt,
-                                   (u_char *)&temp32,
+                                   (u_char *)cookiebuf,
                                    host_pkey->pkey.rsa,
-                                   RSA_PKCS1_OAEP_PADDING) <= 0) {
+                                   RSA_PKCS1_OAEP_PADDING) != 4) {
                                        rval = XEVNT_CKY;
+                                       free(cookiebuf);
                                        break;
                                } else {
-                                       cookie = ntohl(temp32);
+                                       cookie = ntohl(*cookiebuf);
+                                       free(cookiebuf);
                                }
                        } else {
                                rval = XEVNT_CKY;
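Review bot: The length check `RSA_PKCS1_OAEP_PADDING) != 4) {` hard-codes the cookie size that the following `ntohl(*cookiebuf)` relies on; writing it as `!= (int)sizeof(*cookiebuf)` keeps the check tied to the type actually read. Both `free(cookiebuf);` paths release a buffer that holds the decrypted cookie (and possibly other plaintext on the failure path) without clearing it; as this code already calls OpenSSL, `OPENSSL_cleanse(cookiebuf, RSA_size(host_pkey->pkey.rsa));` before each free would keep that material from lingering in the heap. A one-line comment above the `malloc` stating that the output buffer is sized to the RSA modulus because the decrypt may write up to that many bytes would record why a plain 32-bit destination is not enough. crypto_recv's body starts and ends outside the hunk.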