Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:Update
libgit2
libgit2-read-entry-return-code.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File libgit2-read-entry-return-code.patch of Package libgit2
References: 58a6fe94cb851f71214dbefac3f9bffee437d6fe From: Karol Babioch <kbabioch@suse.de> Date: Wed Mar 14 11:15:46 CET 2018 Upstream: merged Fix for CVE-2018-8099 (bsc#1085256). --- src/index.c | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) Index: libgit2-0.24.1/src/index.c =================================================================== --- libgit2-0.24.1.orig/src/index.c +++ libgit2-0.24.1/src/index.c @@ -2257,8 +2257,9 @@ out_err: return 0; } -static size_t read_entry( +static int read_entry( git_index_entry **out, + size_t *out_size, git_index *index, const void *buffer, size_t buffer_size) @@ -2269,7 +2270,7 @@ static size_t read_entry( git_index_entry entry = {{0}}; if (INDEX_FOOTER_SIZE + minimal_entry_size > buffer_size) - return 0; + return -1; /* buffer is not guaranteed to be aligned */ memcpy(&source, buffer, sizeof(struct entry_short)); @@ -2310,7 +2311,7 @@ static size_t read_entry( path_end = memchr(path_ptr, '\0', buffer_size); if (path_end == NULL) - return 0; + return -1; path_length = path_end - path_ptr; } @@ -2320,15 +2321,19 @@ static size_t read_entry( else entry_size = short_entry_size(path_length); + if (entry_size == 0) + return -1; + if (INDEX_FOOTER_SIZE + entry_size > buffer_size) - return 0; + return -1; entry.path = (char *)path_ptr; if (index_entry_dup(out, index, &entry) < 0) - return 0; + return -1; - return entry_size; + *out_size = entry_size; + return 0; } static int read_header(struct index_header *dest, const void *buffer) @@ -2426,10 +2431,9 @@ static int parse_index(git_index *index, /* Parse all the entries */ for (i = 0; i < header.entry_count && buffer_size > INDEX_FOOTER_SIZE; ++i) { git_index_entry *entry; - size_t entry_size = read_entry(&entry, index, buffer, buffer_size); + size_t entry_size; - /* 0 bytes read means an object corruption */ - if (entry_size == 0) { + if ((error = read_entry(&entry, &entry_size, index, buffer, buffer_size)) < 0) { error = index_error_invalid("invalid entry"); goto done; }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor