From d54ee32837d917c7293319ad7e75aaaf76d9d721 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Mon, 16 Apr 2007 15:37:45 +0000
Subject: [PATCH] util/ 	* secmem.c (init_pool): Avoid assigning a negative
 value to a 	size_t. ./ 	* acinclude.m4: Fix last change.  Make test
 self-conatined by 	checking for sysconf and getpagesize.  Remove
 indentation for the 	sake of broken C-89 cpps.

---
 ChangeLog      |  6 ++++
 NEWS           |  2 +-
 acinclude.m4   | 79 ++++++++++++++++++++++++++------------------------
 util/ChangeLog |  5 ++++
 util/secmem.c  | 12 ++++----
 5 files changed, 60 insertions(+), 44 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index a44a4b30a..232c01061 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2007-04-16  Werner Koch  <wk@g10code.com>
+
+	* acinclude.m4: Fix last change.  Make test self-conatined by
+	checking for sysconf and getpagesize.  Remove indentation for the
+	sake of broken C-89 cpp.
+
 2007-04-16  David Shaw  <dshaw@jabberwocky.com>
 
 	* configure.ac: Add a HAVE_SHM conditional.
diff --git a/NEWS b/NEWS
index 60625d98c..b04d37d6b 100644
--- a/NEWS
+++ b/NEWS
@@ -11,7 +11,7 @@ Noteworthy changes in version 1.4.7 (2007-03-05)
       plaintext boundary status tags that GnuPG provides.  This change
       makes GnuPG reject such messages by default which makes those
       programs safe again.  --allow-multiple-messages returns to the
-      old behavior.
+      old behavior. [CVE-2007-1263].
 
     * [W32] The environment variable LANGUAGE may be used to override
       the language given by HKCU\Software\GNU\GnuPG:Lang.  The
diff --git a/acinclude.m4 b/acinclude.m4
index 30eeb85d6..149a48506 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -384,18 +384,18 @@ define(GNUPG_CHECK_MLOCK,
                     #include <sys/mman.h>
                     #endif
                 ], [
-                    int i;
+ int i;
 
-                    /* glibc defines this for functions which it implements
-                     * to always fail with ENOSYS.  Some functions are actually
-                     * named something starting with __ and the normal name
-                     * is an alias.  */
-                    #if defined (__stub_mlock) || defined (__stub___mlock)
-                    choke me
-                    #else
-                    mlock(&i, 4);
-                    #endif
-                    ; return 0;
+ /* glibc defines this for functions which it implements
+  * to always fail with ENOSYS.  Some functions are actually
+  * named something starting with __ and the normal name
+  * is an alias.  */
+ #if defined (__stub_mlock) || defined (__stub___mlock)
+ choke me
+ #else
+ mlock(&i, 4);
+ #endif
+ ; return 0;
                 ],
                 gnupg_cv_mlock_is_in_sys_mman=yes,
                 gnupg_cv_mlock_is_in_sys_mman=no)])
@@ -406,42 +406,45 @@ define(GNUPG_CHECK_MLOCK,
         fi
     fi
     if test "$ac_cv_func_mlock" = "yes"; then
+        AC_CHECK_FUNCS(sysconf getpagesize)
         AC_MSG_CHECKING(whether mlock is broken)
           AC_CACHE_VAL(gnupg_cv_have_broken_mlock,
              AC_TRY_RUN([
-                #include <stdlib.h>
-                #include <unistd.h>
-                #include <errno.h>
-                #include <sys/mman.h>
-                #include <sys/types.h>
-                #include <fcntl.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <errno.h>
+#include <sys/mman.h>
+#include <sys/types.h>
+#include <fcntl.h>
 
-                int main()
-                {
-                    char *pool;
-                    int err;
-                    long int pgsize;
+int main()
+{
+    char *pool;
+    int err;
+    long int pgsize;
 
-		#if defined(HAVE_SYSCONF) && defined(_SC_PAGESIZE)
-                    pgsize = sysconf(_SC_PAGESIZE);
-		#elif defined(HAVE_GETPAGESIZE)
-                    pgsize = getpagesize();
-		#endif
+#if defined(HAVE_SYSCONF) && defined(_SC_PAGESIZE)
+    pgsize = sysconf(_SC_PAGESIZE);
+#elif defined(HAVE_GETPAGESIZE)
+    pgsize = getpagesize();
+#else
+    pgsize = -1;
+#endif
 
-		    if(pgsize==-1)
-	               pgsize = 4096;
+    if(pgsize==-1)
+       pgsize = 4096;
 
-                    pool = malloc( 4096 + pgsize );
-                    if( !pool )
-                        return 2;
-                    pool += (pgsize - ((long int)pool % pgsize));
+    pool = malloc( 4096 + pgsize );
+    if( !pool )
+        return 2;
+    pool += (pgsize - ((long int)pool % pgsize));
 
-                    err = mlock( pool, 4096 );
-                    if( !err || errno == EPERM )
-                        return 0; /* okay */
+    err = mlock( pool, 4096 );
+    if( !err || errno == EPERM )
+        return 0; /* okay */
 
-                    return 1;  /* hmmm */
-                }
+    return 1;  /* hmmm */
+}
 
             ],
             gnupg_cv_have_broken_mlock="no",
diff --git a/util/ChangeLog b/util/ChangeLog
index 70a95c758..a67547395 100644
--- a/util/ChangeLog
+++ b/util/ChangeLog
@@ -1,3 +1,8 @@
+2007-04-16  Werner Koch  <wk@g10code.com>
+
+	* secmem.c (init_pool): Avoid assigning a negative value to a
+	size_t.
+
 2007-04-16  David Shaw  <dshaw@jabberwocky.com>
 
 	* secmem.c (init_pool): Use sysconf() if available to determine
diff --git a/util/secmem.c b/util/secmem.c
index dc8a8f087..5a4affd42 100644
--- a/util/secmem.c
+++ b/util/secmem.c
@@ -219,7 +219,8 @@ lock_pool( void *p, size_t n )
 static void
 init_pool( size_t n)
 {
-    size_t pgsize=-1;
+    long int pgsize_val;
+    size_t pgsize;
 
     poolsize = n;
 
@@ -227,13 +228,14 @@ init_pool( size_t n)
 	log_bug("secure memory is disabled");
 
 #if defined(HAVE_SYSCONF) && defined(_SC_PAGESIZE)
-    pgsize = sysconf(_SC_PAGESIZE);
+    pgsize_val = sysconf (_SC_PAGESIZE);
 #elif defined(HAVE_GETPAGESIZE)
-    pgsize = getpagesize();
+    pgsize_val = getpagesize ();
+#else
+    pgsize_val = -1;
 #endif
+    pgsize = (pgsize_val != -1 && pgsize_val > 0)? pgsize_val : 4096;
 
-    if(pgsize==-1)
-      pgsize = 4096;
 
 #ifdef HAVE_MMAP
     poolsize = (poolsize + pgsize -1 ) & ~(pgsize-1);