diff options
Diffstat (limited to 'app-text/ghostscript-gpl/files/VU332928-githash8e9ce501.patch')
-rw-r--r-- | app-text/ghostscript-gpl/files/VU332928-githash8e9ce501.patch | 49 |
1 files changed, 0 insertions, 49 deletions
diff --git a/app-text/ghostscript-gpl/files/VU332928-githash8e9ce501.patch b/app-text/ghostscript-gpl/files/VU332928-githash8e9ce501.patch deleted file mode 100644 index ca6b2272..00000000 --- a/app-text/ghostscript-gpl/files/VU332928-githash8e9ce501.patch +++ /dev/null @@ -1,49 +0,0 @@ -From: Ken Sharp <ken.sharp@artifex.com> -Date: Thu, 23 Aug 2018 14:42:02 +0000 (+0100) -Subject: Bug 699665 "memory corruption in aesdecode" -X-Git-Tag: ghostpdl-9.24rc1~13 -X-Git-Url: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff_plain;h=8e9ce501 - -Bug 699665 "memory corruption in aesdecode" - -The specimen file calls aesdecode without specifying the key to be -used, though it does manage to do enough work with the PDF interpreter -routines to get access to aesdecode (which isn't normally available). - -This causes us to read uninitialised memory, which can (and often does) -lead to a segmentation fault. - -In this commit we set the key to NULL explicitly during intialisation -and then check it before we read it. If its NULL we just return. - -It seems bizarre that we don't return error codes, we should probably -look into that at some point, but this prevents the code trying to -read uninitialised memory. ---- - -diff --git a/base/aes.c b/base/aes.c -index a6bce93..e86f000 100644 ---- a/base/aes.c -+++ b/base/aes.c -@@ -662,6 +662,9 @@ void aes_crypt_ecb( aes_context *ctx, - } - #endif - -+ if (ctx == NULL || ctx->rk == NULL) -+ return; -+ - RK = ctx->rk; - - GET_ULONG_LE( X0, input, 0 ); X0 ^= *RK++; -diff --git a/base/saes.c b/base/saes.c -index 6db0e8b..307ed74 100644 ---- a/base/saes.c -+++ b/base/saes.c -@@ -120,6 +120,7 @@ s_aes_process(stream_state * ss, stream_cursor_read * pr, - gs_throw(gs_error_VMerror, "could not allocate aes context"); - return ERRC; - } -+ memset(state->ctx, 0x00, sizeof(aes_context)); - if (state->keylength < 1 || state->keylength > SAES_MAX_KEYLENGTH) { - gs_throw1(gs_error_rangecheck, "invalid aes key length (%d bytes)", - state->keylength); |