File shadow-4.2.1-CVE-2017-12424.patch of Package shadow.30598

Overview Repositories Revisions Requests Users Attributes Meta

File shadow-4.2.1-CVE-2017-12424.patch of Package shadow.30598

From 954e3d2e7113e9ac06632aee3c69b8d818cc8952 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz@fedoraproject.org>
Date: Fri, 31 Mar 2017 16:25:06 +0200
Subject: [PATCH] Fix buffer overflow if NULL line is present in db.

If ptr->line == NULL for an entry, the first cycle will exit,
but the second one will happily write past entries buffer.
We actually do not want to exit the first cycle prematurely
on ptr->line == NULL.
Signed-off-by: Tomas Mraz <tmraz@fedoraproject.org>
---
 lib/commonio.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/lib/commonio.c b/lib/commonio.c
index b10da06a..31edbaaf 100644
--- a/lib/commonio.c
+++ b/lib/commonio.c
@@ -751,16 +751,16 @@ commonio_sort (struct commonio_db *db, int (*cmp) (const void *, const void *))
 	for (ptr = db->head;
 	        (NULL != ptr)
 #if KEEP_NIS_AT_END
-	     && (NULL != ptr->line)
-	     && (   ('+' != ptr->line[0])
-	         && ('-' != ptr->line[0]))
+	     && ((NULL == ptr->line)
+	         || (('+' != ptr->line[0])
+	             && ('-' != ptr->line[0])))
 #endif
 	     ;
 	     ptr = ptr->next) {
 		n++;
 	}
 #if KEEP_NIS_AT_END
-	if ((NULL != ptr) && (NULL != ptr->line)) {
+	if (NULL != ptr) {
 		nis = ptr;
 	}
 #endif

Places

File shadow-4.2.1-CVE-2017-12424.patch of Package shadow.30598

Places