Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
curl.19331
curl-CVE-2019-5482.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File curl-CVE-2019-5482.patch of Package curl.19331
From 0846bdc0c3f8323b931247ca31c2fb30a3265f00 Mon Sep 17 00:00:00 2001 From: Thomas Vegas <> Date: Sat, 31 Aug 2019 17:30:51 +0200 Subject: [PATCH] tftp: Alloc maximum blksize, and use default unless OACK is received Fixes potential buffer overflow from 'recvfrom()', should the server return an OACK without blksize. --- lib/tftp.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) Index: curl-7.37.0/lib/tftp.c =================================================================== --- curl-7.37.0.orig/lib/tftp.c +++ curl-7.37.0/lib/tftp.c @@ -951,6 +951,7 @@ static CURLcode tftp_connect(struct conn CURLcode code; tftp_state_data_t *state; int blksize, rc; + int need_blksize; blksize = TFTP_BLKSIZE_DEFAULT; @@ -965,15 +966,20 @@ static CURLcode tftp_connect(struct conn return CURLE_TFTP_ILLEGAL; } + need_blksize = blksize; + /* default size is the fallback when no OACK is received */ + if(need_blksize < TFTP_BLKSIZE_DEFAULT) + need_blksize = TFTP_BLKSIZE_DEFAULT; + if(!state->rpacket.data) { - state->rpacket.data = calloc(1, blksize + 2 + 2); + state->rpacket.data = calloc(1, need_blksize + 2 + 2); if(!state->rpacket.data) return CURLE_OUT_OF_MEMORY; } if(!state->spacket.data) { - state->spacket.data = calloc(1, blksize + 2 + 2); + state->spacket.data = calloc(1, need_blksize + 2 + 2); if(!state->spacket.data) return CURLE_OUT_OF_MEMORY; @@ -987,7 +993,7 @@ static CURLcode tftp_connect(struct conn state->sockfd = state->conn->sock[FIRSTSOCKET]; state->state = TFTP_STATE_START; state->error = TFTP_ERR_NONE; - state->blksize = blksize; + state->blksize = TFTP_BLKSIZE_DEFAULT; /* Unless updated by OACK response */ state->requested_blksize = blksize; ((struct sockaddr *)&state->local_addr)->sa_family =
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor