[svn] GnuPG - r4479 - in branches/STABLE-BRANCH-1-4: . util
svn author wk
cvs at cvs.gnupg.org
Mon Apr 16 17:37:46 CEST 2007
Author: wk
Date: 2007-04-16 17:37:45 +0200 (Mon, 16 Apr 2007)
New Revision: 4479
Modified:
branches/STABLE-BRANCH-1-4/ChangeLog
branches/STABLE-BRANCH-1-4/NEWS
branches/STABLE-BRANCH-1-4/acinclude.m4
branches/STABLE-BRANCH-1-4/util/ChangeLog
branches/STABLE-BRANCH-1-4/util/secmem.c
Log:
util/
* secmem.c (init_pool): Avoid assigning a negative value to a
size_t.
./
* acinclude.m4: Fix last change. Make test self-contained by
checking for sysconf and getpagesize. Remove indentation for the
sake of broken C-89 cpps.
Modified: branches/STABLE-BRANCH-1-4/ChangeLog
===================================================================
--- branches/STABLE-BRANCH-1-4/ChangeLog 2007-04-16 15:32:49 UTC (rev 4478)
+++ branches/STABLE-BRANCH-1-4/ChangeLog 2007-04-16 15:37:45 UTC (rev 4479)
@@ -1,3 +1,9 @@
+2007-04-16 Werner Koch <wk at g10code.com>
+
+ * acinclude.m4: Fix last change. Make test self-conatined by
+ checking for sysconf and getpagesize. Remove indentation for the
+ sake of broken C-89 cpp.
+
2007-04-16 David Shaw <dshaw at jabberwocky.com>
* configure.ac: Add a HAVE_SHM conditional.
Modified: branches/STABLE-BRANCH-1-4/NEWS
===================================================================
--- branches/STABLE-BRANCH-1-4/NEWS 2007-04-16 15:32:49 UTC (rev 4478)
+++ branches/STABLE-BRANCH-1-4/NEWS 2007-04-16 15:37:45 UTC (rev 4479)
@@ -11,7 +11,7 @@
plaintext boundary status tags that GnuPG provides. This change
makes GnuPG reject such messages by default which makes those
programs safe again. --allow-multiple-messages returns to the
- old behavior.
+ old behavior. [CVE-2007-1263].
* [W32] The environment variable LANGUAGE may be used to override
the language given by HKCU\Software\GNU\GnuPG:Lang. The
Modified: branches/STABLE-BRANCH-1-4/acinclude.m4
===================================================================
--- branches/STABLE-BRANCH-1-4/acinclude.m4 2007-04-16 15:32:49 UTC (rev 4478)
+++ branches/STABLE-BRANCH-1-4/acinclude.m4 2007-04-16 15:37:45 UTC (rev 4479)
@@ -384,18 +384,18 @@
#include <sys/mman.h>
#endif
], [
- int i;
+ int i;
- /* glibc defines this for functions which it implements
- * to always fail with ENOSYS. Some functions are actually
- * named something starting with __ and the normal name
- * is an alias. */
- #if defined (__stub_mlock) || defined (__stub___mlock)
- choke me
- #else
- mlock(&i, 4);
- #endif
- ; return 0;
+ /* glibc defines this for functions which it implements
+ * to always fail with ENOSYS. Some functions are actually
+ * named something starting with __ and the normal name
+ * is an alias. */
+ #if defined (__stub_mlock) || defined (__stub___mlock)
+ choke me
+ #else
+ mlock(&i, 4);
+ #endif
+ ; return 0;
],
gnupg_cv_mlock_is_in_sys_mman=yes,
gnupg_cv_mlock_is_in_sys_mman=no)])
@@ -406,42 +406,45 @@
fi
fi
if test "$ac_cv_func_mlock" = "yes"; then
+ AC_CHECK_FUNCS(sysconf getpagesize)
AC_MSG_CHECKING(whether mlock is broken)
AC_CACHE_VAL(gnupg_cv_have_broken_mlock,
AC_TRY_RUN([
- #include <stdlib.h>
- #include <unistd.h>
- #include <errno.h>
- #include <sys/mman.h>
- #include <sys/types.h>
- #include <fcntl.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <errno.h>
+#include <sys/mman.h>
+#include <sys/types.h>
+#include <fcntl.h>
- int main()
- {
- char *pool;
- int err;
- long int pgsize;
+int main()
+{
+ char *pool;
+ int err;
+ long int pgsize;
- #if defined(HAVE_SYSCONF) && defined(_SC_PAGESIZE)
- pgsize = sysconf(_SC_PAGESIZE);
- #elif defined(HAVE_GETPAGESIZE)
- pgsize = getpagesize();
- #endif
+#if defined(HAVE_SYSCONF) && defined(_SC_PAGESIZE)
+ pgsize = sysconf(_SC_PAGESIZE);
+#elif defined(HAVE_GETPAGESIZE)
+ pgsize = getpagesize();
+#else
+ pgsize = -1;
+#endif
- if(pgsize==-1)
- pgsize = 4096;
+ if(pgsize==-1)
+ pgsize = 4096;
- pool = malloc( 4096 + pgsize );
- if( !pool )
- return 2;
- pool += (pgsize - ((long int)pool % pgsize));
+ pool = malloc( 4096 + pgsize );
+ if( !pool )
+ return 2;
+ pool += (pgsize - ((long int)pool % pgsize));
- err = mlock( pool, 4096 );
- if( !err || errno == EPERM )
- return 0; /* okay */
+ err = mlock( pool, 4096 );
+ if( !err || errno == EPERM )
+ return 0; /* okay */
- return 1; /* hmmm */
- }
+ return 1; /* hmmm */
+}
],
gnupg_cv_have_broken_mlock="no",
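Review bot: The page-size fallback in the run-test still treats only `-1` as invalid (`if(pgsize==-1)`), while the secmem.c change in this same commit rejects every non-positive value. A zero result would reach `(long int)pool % pgsize` and divide by zero, and configure would presumably record the crash as a broken mlock. Using `if (pgsize <= 0) pgsize = 4096;` keeps the probe consistent with init_pool. Separately, `(long int)pool` can truncate or go negative where long is narrower than a pointer; that line is only re-indented here, so it may fit better in a follow-up. The AC_TRY_RUN call continues past the end of the hunk.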
Modified: branches/STABLE-BRANCH-1-4/util/ChangeLog
===================================================================
--- branches/STABLE-BRANCH-1-4/util/ChangeLog 2007-04-16 15:32:49 UTC (rev 4478)
+++ branches/STABLE-BRANCH-1-4/util/ChangeLog 2007-04-16 15:37:45 UTC (rev 4479)
@@ -1,3 +1,8 @@
+2007-04-16 Werner Koch <wk at g10code.com>
+
+ * secmem.c (init_pool): Avoid assigning a negative value to a
+ size_t.
+
2007-04-16 David Shaw <dshaw at jabberwocky.com>
* secmem.c (init_pool): Use sysconf() if available to determine
Modified: branches/STABLE-BRANCH-1-4/util/secmem.c
===================================================================
--- branches/STABLE-BRANCH-1-4/util/secmem.c 2007-04-16 15:32:49 UTC (rev 4478)
+++ branches/STABLE-BRANCH-1-4/util/secmem.c 2007-04-16 15:37:45 UTC (rev 4479)
@@ -219,7 +219,8 @@
static void
init_pool( size_t n)
{
- size_t pgsize=-1;
+ long int pgsize_val;
+ size_t pgsize;
poolsize = n;
@@ -227,13 +228,14 @@
log_bug("secure memory is disabled");
#if defined(HAVE_SYSCONF) && defined(_SC_PAGESIZE)
- pgsize = sysconf(_SC_PAGESIZE);
+ pgsize_val = sysconf (_SC_PAGESIZE);
#elif defined(HAVE_GETPAGESIZE)
- pgsize = getpagesize();
+ pgsize_val = getpagesize ();
+#else
+ pgsize_val = -1;
#endif
+ pgsize = (pgsize_val != -1 && pgsize_val > 0)? pgsize_val : 4096;
- if(pgsize==-1)
- pgsize = 4096;
#ifdef HAVE_MMAP
poolsize = (poolsize + pgsize -1 ) & ~(pgsize-1);
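Review bot: In `pgsize = (pgsize_val != -1 && pgsize_val > 0)? pgsize_val : 4096;` the `!= -1` test is redundant, since `pgsize_val > 0` already excludes it; `pgsize = (pgsize_val > 0)? pgsize_val : 4096;` says the same thing. The rounding on the following line, `(poolsize + pgsize -1 ) & ~(pgsize-1)`, is only correct when pgsize is a power of two, which nothing visible here checks. A comment such as `/* pgsize must be a power of two for the mask below */` would record that assumption where the secure-memory pool is sized. init_pool starts in the previous hunk and continues past the end of this one.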