[Bug 1511108] Re: Handle odd buffer lengths in checksum
Launchpad Bug Tracker
1511108 at bugs.launchpad.net
Fri Nov 20 05:46:03 UTC 2015
This bug was fixed in the package sbsigntool - 0.6-0ubuntu9
---------------
sbsigntool (0.6-0ubuntu9) xenial; urgency=medium
[ Linn Crosetto ]
* debian/patches/0001-Handle-odd-buffer-lengths-in-checksum.patch:
Fix checksum when handling buffers of odd length. LP: #1511108
-- Michael Terry <mterry at ubuntu.com> Thu, 19 Nov 2015 16:32:19 -0500
** Changed in: sbsigntool (Ubuntu)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1511108
Title:
Handle odd buffer lengths in checksum
Status in sbsigntool package in Ubuntu:
Fix Released
Bug description:
Buffers of odd length can be passed to the checksum, for example
signatures. This results in reading 1 byte beyond the buffer and can
produce an incorrect checksum if the extra byte is non-zero.
Attaching a patch changing csum_bytes() to prevent overflowing the
buffer, while taking the extra byte into account if the length is odd.
Tested with a UEFI binary containing an odd-length signature, and also
detach/attach on a binary signed with Microsoft signtool.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sbsigntool/+bug/1511108/+subscriptions
More information about the Ubuntu-sponsors
mailing list