From 9d37ff891f244eb042a906d35abdd0542314b968 Mon Sep 17 00:00:00 2001
From: Ulrich Müller <ulm@gentoo.org>
Date: Sat, 12 Dec 2015 11:51:29 +0100
Subject: otpcalc: Add 08_all_extract.patch.

Port changes to the extract() function from the skey patchset,
fixing an out-of-bounds read.

Fix signedness of first function argument.
---
 patchsets/otpcalc/0.97/08_all_extract.patch | 39 +++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)
 create mode 100644 patchsets/otpcalc/0.97/08_all_extract.patch

(limited to 'patchsets/otpcalc')

diff --git a/patchsets/otpcalc/0.97/08_all_extract.patch b/patchsets/otpcalc/0.97/08_all_extract.patch
new file mode 100644
index 0000000..0f0cf41
--- /dev/null
+++ b/patchsets/otpcalc/0.97/08_all_extract.patch
@@ -0,0 +1,39 @@
+Port changes to the extract() function from the skey patchset,
+fixing an out-of-bounds read.
+
+Fix signedness of first function argument.
+
+--- otpCalc-0.97-orig/utility.c
++++ otpCalc-0.97/utility.c
+@@ -28,21 +28,21 @@
+ #include "utility.h"
+ 
+ 
+-static unsigned short extract(char *s, int start, int length)
++static unsigned short extract(unsigned char *s, int start, int length)
+ {
+ 
+-	unsigned char cl;
+-	unsigned char cc;
+-	unsigned char cr;
+ 	unsigned int x;
++	int end, i;
+ 
+ 
+-	cl = s[start / 8];
+-	cc = s[start / 8 + 1];
+-	cr = s[start / 8 + 2];
+-	x = ((int) (cl << 8 | cc) << 8 | cr);
+-	x = x >> (24 - (length + (start % 8)));
+-	x = (x & (0xffff >> (16 - length)));
++	end = start + length - 1;
++	x = 0;
++	for (i = start / 8; i <= end / 8; i++) {
++		x <<= 8;
++		x |= s[i];
++	}
++	x >>= 7 - end % 8;
++	x &= (1 << length) - 1;
+ 
+ 	return (unsigned short)x;
+ 
-- 
cgit v1.2.3-65-gdbad