irc: fix crash in case of invalid server reply during SASL authentication with dh-blowfish or dh-aes mechanism
These mechanisms are not recommended anyway because they are considered as insecure.v2.8-utf8proc
parent
9ccb798bcd
commit
b297c2d56e
|
@ -44,6 +44,7 @@ Bug fixes::
|
|||
|
||||
* core: fix command /cursor stop (do not toggle cursor mode) (issue #964)
|
||||
* core: fix delayed refresh when the signal SIGWINCH is received (terminal resized), send signal "signal_sigwinch" after refreshes (issue #902)
|
||||
* irc: fix crash in case of invalid server reply during SASL authentication with dh-blowfish or dh-aes mechanism
|
||||
* irc: fix double decoding of IRC colors in messages sent/displayed by commands /msg and /query (issue #943)
|
||||
* irc: fix parsing of message 324 (modes) when there is a colon before the modes (issue #913)
|
||||
* relay: check buffer pointer received in "sync" and "desync" commands (weechat protocol) (issue #936)
|
||||
|
|
|
@ -19,6 +19,7 @@
|
|||
* along with WeeChat. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
#include <limits.h>
|
||||
#include <stdlib.h>
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
|
@ -357,6 +358,8 @@ irc_sasl_dh (const char *data_base64,
|
|||
data_prime_number = gcry_mpi_new (size * 8);
|
||||
gcry_mpi_scan (&data_prime_number, GCRYMPI_FMT_USG, ptr_data, size, NULL);
|
||||
num_bits_prime_number = gcry_mpi_get_nbits (data_prime_number);
|
||||
if (num_bits_prime_number == 0 || INT_MAX - 7 < num_bits_prime_number)
|
||||
goto dhend;
|
||||
ptr_data += size;
|
||||
length_data -= size;
|
||||
|
||||
|
@ -388,7 +391,7 @@ irc_sasl_dh (const char *data_base64,
|
|||
gcry_mpi_powm (pub_key, data_generator_number, priv_key, data_prime_number);
|
||||
|
||||
/* compute secret_bin */
|
||||
*length_key = num_bits_prime_number / 8;
|
||||
*length_key = (num_bits_prime_number + 7) / 8;
|
||||
*secret_bin = malloc (*length_key);
|
||||
secret_mpi = gcry_mpi_new (num_bits_prime_number);
|
||||
/* secret_mpi = (y ^ priv_key) % p */
|
||||
|
|
Loading…
Reference in New Issue