[Bug 1511108] Re: Handle odd buffer lengths in checksum

Mathew Hodson mathew.hodson at gmail.com
Mon Nov 9 03:02:38 UTC 2015


** Changed in: sbsigntool (Ubuntu)
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1511108

Title:
  Handle odd buffer lengths in checksum

Status in sbsigntool package in Ubuntu:
  New

Bug description:
  Buffers of odd length can be passed to the checksum, for example
  signatures. This results in reading 1 byte beyond the buffer and can
  produce an incorrect checksum if the extra byte is non-zero.

  Attaching a patch changing csum_bytes() to prevent overflowing the
  buffer, while taking the extra byte into account if the length is odd.
  Tested with a UEFI binary containing an odd-length signature, and also
  detach/attach on a binary signed with Microsoft signtool.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sbsigntool/+bug/1511108/+subscriptions



More information about the Ubuntu-sponsors mailing list