guix/gnu/packages/patches/libmhash-hmac-fix-uaf.patch
Eric Bavier 1cc75fef12
gnu: libmhash: Fix use-after-free in tests.
* gnu/packages/patches/libmhash-hmac-fix-uaf.patch: New patch.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/mcrypt.scm (libmhash)[source]: Use it.
2020-08-20 15:28:13 -05:00

22 lines
658 B
Diff

--- mhash-0.9.9.9/src/hmac_test.c 2020-08-20 14:53:06.628995733 -0500
+++ mhash-0.9.9.9/src/hmac_test.c 2020-08-20 14:53:39.424885862 -0500
@@ -72,8 +72,6 @@
return(MUTILS_INVALID_RESULT);
}
- mutils_free(tmp);
-
/* Test No 2 */
mutils_memset(tmp, 0, sizeof(tmp));
--- mhash-0.9.9.9/src/keygen_test.c 2020-08-20 14:53:12.940974589 -0500
+++ mhash-0.9.9.9/src/keygen_test.c 2020-08-20 14:53:59.736817812 -0500
@@ -94,8 +94,6 @@
return(MUTILS_INVALID_RESULT);
}
- mutils_free(tmp);
-
passlen = sizeof(PASSWORD2);
password = (mutils_word8 *) mutils_malloc(passlen + 1);
mutils_strncpy(password, (mutils_word8 *) PASSWORD2, passlen);