booth/RHEL-32605-1-attr-Fix-reading-of-server_reply.patch
Jan Friesse 5bbc04da72 - Resolves: RHEL-32605
- attr: Fix reading of server_reply
- auth: Check result of gcrypt gcry_md_get_algo_dlen (fixes CVE-2024-3049)

Signed-off-by: Jan Friesse <jfriesse@redhat.com>
2024-06-07 11:32:25 +02:00

38 lines
1.1 KiB
Diff

From 4bdd96d767fc38239c4fac9e95404da99f61ac65 Mon Sep 17 00:00:00 2001
From: Jan Friesse <jfriesse@redhat.com>
Date: Wed, 21 Feb 2024 17:40:11 +0100
Subject: [PATCH 1/4] attr: Fix reading of server_reply
read_server_reply first reads boothc header and then rest of packet
which contains hmac info. This should go in memory right after
boothc_header and not after full length of packet, because full length
of packet already contains hmac info.
Solution is to simply use length of header and not length of packet.
Longer term and better solution would be to drop read_server_reply
completely and use recv_auth which is used for everything else but attr
set and delete.
Signed-off-by: Jan Friesse <jfriesse@redhat.com>
---
src/attr.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/attr.c b/src/attr.c
index 44061e3..bc154f0 100644
--- a/src/attr.c
+++ b/src/attr.c
@@ -142,7 +142,7 @@ static int read_server_reply(
return -2;
}
len = ntohl(header->length);
- rv = tpt->recv(site, msg+len, len-sizeof(*header));
+ rv = tpt->recv(site, msg+sizeof(*header), len-sizeof(*header));
if (rv < 0) {
return -1;
}
--
2.44.0