From bdce95930e1d9a7d013d1ba78740243491262879 Mon Sep 17 00:00:00 2001 From: Florian Weimer Date: Mon, 23 May 2016 20:18:34 +0200 Subject: [PATCH] CVE-2016-4429: sunrpc: Do not use alloca in clntudp_call [BZ #20112] The call is technically in a loop, and under certain circumstances (which are quite difficult to reproduce in a test case), alloca can be invoked repeatedly during a single call to clntudp_call. As a result, the available stack space can be exhausted (even though individual alloca sizes are bounded implicitly by what can fit into a UDP packet, as a side effect of the earlier successful send operation). (cherry picked from commit bc779a1a5b3035133024b21e2f339fe4219fb11c) --- ChangeLog | 7 +++++++ NEWS | 4 ++++ sunrpc/clnt_udp.c | 10 +++++++++- 3 files changed, 20 insertions(+), 1 deletion(-) diff --git a/sunrpc/clnt_udp.c b/sunrpc/clnt_udp.c index a6cf5f1..4d9acb1 100644 --- a/sunrpc/clnt_udp.c +++ b/sunrpc/clnt_udp.c @@ -388,9 +388,15 @@ send_again: struct sock_extended_err *e; struct sockaddr_in err_addr; struct iovec iov; - char *cbuf = (char *) alloca (outlen + 256); + char *cbuf = malloc (outlen + 256); int ret; + if (cbuf == NULL) + { + cu->cu_error.re_errno = errno; + return (cu->cu_error.re_status = RPC_CANTRECV); + } + iov.iov_base = cbuf + 256; iov.iov_len = outlen; msg.msg_name = (void *) &err_addr; @@ -415,10 +421,12 @@ send_again: cmsg = CMSG_NXTHDR (&msg, cmsg)) if (cmsg->cmsg_level == SOL_IP && cmsg->cmsg_type == IP_RECVERR) { + free (cbuf); e = (struct sock_extended_err *) CMSG_DATA(cmsg); cu->cu_error.re_errno = e->ee_errno; return (cu->cu_error.re_status = RPC_CANTRECV); } + free (cbuf); } #endif do -- 2.9.3 >
path: root/tests/git-authenticate.scm
AgeCommit message (Expand)Author
2023-09-26tests: Assume ‘git’ is always available....* tests/channels.scm (gpg+git-available?): Check for ‘gpg-command’ only. Remove all ‘test-skip’ statements. * tests/derivations.scm: Likewise. * tests/git-authenticate.scm: Likewise. * tests/git.scm: Likewise. * tests/import-git.scm: Likewise. Ludovic Courtès
2022-02-14git-authenticate: Ensure the target is a descendant of the introductory commit....Fixes a bug whereby authentication of a commit *not* descending from the introductory commit could succeed, provided the commit verifies the authorization invariant. In the example below, A is a common ancestor of the introductory commit I and of commit X. Authentication of X would succeed, even though it is not a descendant of I, as long as X is authorized according to the '.guix-authorizations' in A: X I \ / A This is because, 'authenticate-repository' would not check whether X descends from I, and the call (commit-difference X I) would return X. In practice that only affects forks because it means that ancestors of the introductory commit already contain a '.guix-authorizations' file. * guix/git-authenticate.scm (authenticate-repository): Add call to 'commit-descendant?'. * tests/channels.scm ("authenticate-channel, not a descendant of introductory commit"): New test. * tests/git-authenticate.scm ("authenticate-repository, target not a descendant of intro"): New test. * tests/guix-git-authenticate.sh: Expect earlier test to fail since 9549f0283a78fe36f2d4ff2a04ef8ad6b0c02604 is not a descendant of $intro_commit. Add new test targeting an ancestor of the introductory commit, and another test targeting the v1.2.0 commit. * doc/guix.texi (Specifying Channel Authorizations): Add a sentence. Ludovic Courtès
2022-02-14git-authenticate: Test introductory commit signature verification....These tests mimic similar tests already in 'tests/channels.scm', but without using the higher-level 'authenticate-channel'. * tests/git-authenticate.scm ("introductory commit, valid signature") ("introductory commit, missing signature") ("introductory commit, wrong signature"): New tests. Ludovic Courtès
2021-12-22tests: Move keys into ./tests/keys/ and add a third ed25519 key....The third key will be used in an upcoming commit. Rename public keys to .pub. * guix/tests/gnupg.scm (%ed25519-3-public-key-file): New variable. (%ed25519-3-secret-key-file): New variable. (%ed25519-2-public-key-file): Renamed from %ed25519bis-public-key-file. (%ed25519-2-secret-key-file): Renamed from %ed25519bis-secret-key-file. * tests/keys/ed25519-3.key: New file. * tests/keys/ed25519-3.sec: New file. Signed-off-by: Mathieu Othacehe <othacehe@gnu.org> Attila Lendvai