d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Correct a buffer overflow which can occur when decompressing a

Browse Source 
carefully crafted deflated data stream. [1]

Correct problems in the AES-XCBC-MAC IPsec authentication algorithm. [2]

Submitted by:   suz [2]
Security:       FreeBSD-SA-05:18.zlib [1], FreeBSD-SA-05:19.ipsec [2]
Approved by:	re (kensmith)
This commit is contained in:
cperciva 2005-07-27 08:41:44 +00:00
parent 930f4f73bd
commit bc436e7a70
2 changed files with 14 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
lib/libz/inftrees.h
View File

@ -36,12 +36,12 @@ typedef struct {
*/
/* Maximum size of dynamic tree. The maximum found in a long but non-
exhaustive search was 1004 code structures (850 for length/literals
and 154 for distances, the latter actually the result of an
exhaustive search was 1444 code structures (852 for length/literals
and 592 for distances, the latter actually the result of an
exhaustive search). The true maximum is not known, but the value
below is more than safe. */
#define ENOUGH 1440
#define MAXD 154
#define ENOUGH 2048
#define MAXD 592
/* Type of code to build for inftable() */
typedef enum {

18
sys/netinet6/ah_aesxcbcmac.c
View File

@ -78,6 +78,7 @@ ah_aes_xcbc_mac_init(state, sav)
u_int8_t k3seed[AES_BLOCKSIZE] = { 3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3 };
u_int32_t r_ks[(RIJNDAEL_MAXNR+1)*4];
aesxcbc_ctx *ctx;
u_int8_t k1[AES_BLOCKSIZE];
if (!state)
panic("ah_aes_xcbc_mac_init: what?");
@ -93,14 +94,15 @@ ah_aes_xcbc_mac_init(state, sav)
if ((ctx->r_nr = rijndaelKeySetupEnc(r_ks,
(char *)_KEYBUF(sav->key_auth), AES_BLOCKSIZE * 8)) == 0)
return -1;
if (rijndaelKeySetupEnc(ctx->r_k1s, k1seed, AES_BLOCKSIZE * 8) == 0)
return -1;
if (rijndaelKeySetupEnc(ctx->r_k2s, k2seed, AES_BLOCKSIZE * 8) == 0)
return -1;
if (rijndaelKeySetupEnc(ctx->r_k3s, k3seed, AES_BLOCKSIZE * 8) == 0)
return -1;
rijndaelEncrypt(r_ks, ctx->r_nr, k1seed, k1);
rijndaelEncrypt(r_ks, ctx->r_nr, k2seed, ctx->k2);
rijndaelEncrypt(r_ks, ctx->r_nr, k3seed, ctx->k3);
if (rijndaelKeySetupEnc(ctx->r_k1s, k1, AES_BLOCKSIZE * 8) == 0)
return -1;
if (rijndaelKeySetupEnc(ctx->r_k2s, ctx->k2, AES_BLOCKSIZE * 8) == 0)
return -1;
if (rijndaelKeySetupEnc(ctx->r_k3s, ctx->k3, AES_BLOCKSIZE * 8) == 0)
return -1;
return 0;
}
@ -151,8 +153,8 @@ ah_aes_xcbc_mac_loop(state, addr, len)
addr += AES_BLOCKSIZE;
}
if (addr < ep) {
bcopy(addr, ctx->buf, ep - addr);
ctx->buflen = ep - addr;
bcopy(addr, ctx->buf + ctx->buflen, ep - addr);
ctx->buflen += ep - addr;
}
}