Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
curl.19331
curl-CVE-2016-8618.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File curl-CVE-2016-8618.patch of Package curl.19331
From bf952ecb87276a1f782c07d1ca229717fff31fb4 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg <daniel@haxx.se> Date: Wed, 28 Sep 2016 10:15:34 +0200 Subject: [PATCH] aprintf: detect wrap-around when growing allocation On 32bit systems we could otherwise wrap around after 2GB and allocate 0 bytes and crash. --- lib/mprintf.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) Index: curl-7.37.0/lib/mprintf.c =================================================================== --- curl-7.37.0.orig/lib/mprintf.c 2014-05-06 09:57:41.000000000 +0200 +++ curl-7.37.0/lib/mprintf.c 2016-10-20 15:11:45.702638384 +0200 @@ -1011,16 +1011,19 @@ static int alloc_addbyter(int output, FI infop->len =0; } else if(infop->len+1 >= infop->alloc) { - char *newptr; + char *newptr = NULL; + size_t newsize = infop->alloc*2; - newptr = realloc(infop->buffer, infop->alloc*2); + /* detect wrap-around or other overflow problems */ + if(newsize > infop->alloc) + newptr = realloc(infop->buffer, newsize); if(!newptr) { infop->fail = 1; return -1; /* fail */ } infop->buffer = newptr; - infop->alloc *= 2; + infop->alloc = newsize; } infop->buffer[ infop->len ] = outc;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor