1. 17 Jul, 2013 1 commit
    • Ben Hutchings's avatar
      reglib: Validate all structure and array lengths · f4c3e3fc
      Ben Hutchings authored
      Add checks that:
      - Signature length does not exceed the file length (this was already
        checked, but did not account for signature lengths greater than 2 GB)
      - Database length is long enough for all structures we expect in it
      - Array length calculations will not overflow
      To keep these checks simple, change the types of array length and index
      variables to unsigned int (must be at least 32-bit, matching the file
      format) and the types of byte-length variables to size_t.
      Alexandre Rebert <alexandre@cmu.edu> reported and provided a test case
      for the signature length issue; the others I found by inspection.
      Signed-off-by: Ben Hutchings's avatarBen Hutchings <ben@decadent.org.uk>
      Signed-off-by: 's avatarLuis R. Rodriguez <mcgrof@do-not-panic.com>
  2. 31 May, 2013 22 commits
  3. 30 May, 2013 4 commits
  4. 29 May, 2013 4 commits
  5. 25 May, 2013 3 commits
  6. 24 May, 2013 4 commits
  7. 23 May, 2013 2 commits