Changeset 12884


Ignore:
Timestamp:
Sep 16, 2011, 10:53:26 PM (7 years ago)
Author:
jordan
Message:

(trunk libT) #4473 "underflow from malformed ssha1 can crash tr_ssha1_matches()" -- fixed. Thanks to Volfram for finding this crash and tracking down the cause.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/libtransmission/crypto.c

    r12365 r12884  
    378378    uint8_t buf[SHA_DIGEST_LENGTH];
    379379    bool result;
     380    const size_t sourcelen = strlen( source );
    380381
    381382    /* extract the salt */
    382     saltlen = strlen( source ) - 2*SHA_DIGEST_LENGTH-1;
     383    if( sourcelen < 2*SHA_DIGEST_LENGTH-1 )
     384        return false;
     385    saltlen = sourcelen - SHA_DIGEST_LENGTH-1;
    383386    salt = tr_malloc( saltlen );
    384387    memcpy( salt, source + 2*SHA_DIGEST_LENGTH+1, saltlen );
Note: See TracChangeset for help on using the changeset viewer.