Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
curl.19331
curl-CVE-2018-16839.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File curl-CVE-2018-16839.patch of Package curl.19331
From 4df8ff21144236497fc92521d79fbca2dc079686 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg <daniel@haxx.se> Date: Tue, 20 Mar 2018 15:15:14 +0100 Subject: [PATCH 1/2] vauth/cleartext: fix integer overflow check Make the integer overflow check not rely on the undefined behavior that a size_t wraps around on overflow. Detected by lgtm.com Closes #2408 Upstream-commit: c1366571b609407cf0d4d9f4a2769d29e1313151 Signed-off-by: Kamil Dudka <kdudka@redhat.com> --- lib/curl_ntlm_core.c | 11 +---------- lib/curl_setup.h | 9 +++++++++ lib/vauth/cleartext.c | 14 ++++---------- 3 files changed, 14 insertions(+), 20 deletions(-) Index: curl-7.37.0/lib/curl_sasl.c =================================================================== --- curl-7.37.0.orig/lib/curl_sasl.c +++ curl-7.37.0/lib/curl_sasl.c @@ -149,7 +149,10 @@ CURLcode Curl_sasl_create_plain_message( ulen = strlen(userp); plen = strlen(passwdp); - + /* Compute binary message length. Check for overflows. */ + if((ulen > SIZE_T_MAX/4) || (plen > (SIZE_T_MAX/2 - 2))) + return CURLE_OUT_OF_MEMORY; + plainauth = malloc(2 * ulen + plen + 2); if(!plainauth) { *outlen = 0;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor