Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP4:GA
curl.34221
curl-CVE-2016-7167.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File curl-CVE-2016-7167.patch of Package curl.34221
From bf0bb3849422c043f21f56fae57c1cf85e41a272 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg <daniel@haxx.se> Date: Thu, 8 Sep 2016 22:59:54 +0200 Subject: [PATCH] CVE-2016-7167: deny negative string length inputs Bug: https://curl.haxx.se/docs/adv_20160914.html --- lib/escape.c | 28 ++++++++++++++++++---------- 1 file changed, 18 insertions(+), 10 deletions(-) Index: curl-7.37.0/lib/escape.c =================================================================== --- curl-7.37.0.orig/lib/escape.c 2016-10-21 14:04:31.426252033 +0200 +++ curl-7.37.0/lib/escape.c 2016-10-21 14:04:44.842340871 +0200 @@ -80,15 +80,21 @@ char *curl_unescape(const char *string, char *curl_easy_escape(CURL *handle, const char *string, int inlength) { - size_t alloc = (inlength?(size_t)inlength:strlen(string))+1; + size_t alloc; char *ns; char *testing_ptr = NULL; unsigned char in; /* we need to treat the characters unsigned */ - size_t newlen = alloc; + size_t newlen; size_t strindex=0; size_t length; CURLcode res; + if(inlength < 0) + return NULL; + + alloc = (inlength?(size_t)inlength:strlen(string))+1; + newlen = alloc; + ns = malloc(alloc); if(!ns) return NULL; @@ -212,6 +218,7 @@ char *curl_easy_unescape(CURL *handle, c int *olen) { char *str = NULL; + if(length >= 0) { size_t inputlen = length; size_t outputlen; CURLcode res = Curl_urldecode(handle, string, inputlen, &str, &outputlen, @@ -220,6 +227,7 @@ char *curl_easy_unescape(CURL *handle, c return NULL; if(olen) *olen = curlx_uztosi(outputlen); + } return str; }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor