File wget-stack-overflow-on-negative-chunksize-CVE-2... of Package wget

Overview Repositories Revisions Requests Users Attributes Meta

File wget-stack-overflow-on-negative-chunksize-CVE-2017-13089.patch of Package wget (Revision 026fe0b8b7773f487a7428fd803db1c2)

Currently displaying revision 026fe0b8b7773f487a7428fd803db1c2 , Show latest

From 3dbc2e06ad487862c2fcc64d4891ff8aeb254bad Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de>
Date: Fri, 20 Oct 2017 10:59:38 +0200
Subject: [PATCH 1/2] Fix stack overflow in HTTP protocol handling
 (CVE-2017-13089)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* src/http.c (skip_short_body): Return error on negative chunk size

Reported-by: Antti LevomÃ¤ki, Christian Jalio, Joonas Pihlaja from Forcepoint
Reported-by: Juhani Eronen from Finnish National Cyber Security Centre
---
 src/http.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/http.c b/src/http.c
index 55367688..dc318231 100644
--- a/src/http.c
+++ b/src/http.c
@@ -973,6 +973,9 @@ skip_short_body (int fd, wgint contlen, bool chunked)
               remaining_chunk_size = strtol (line, &endl, 16);
               xfree (line);

+              if (remaining_chunk_size < 0)
+                return false;
+
               if (remaining_chunk_size == 0)
                 {
                   line = fd_read_line (fd);

Places

File wget-stack-overflow-on-negative-chunksize-CVE-2017-13089.patch of Package wget (Revision 026fe0b8b7773f487a7428fd803db1c2)

Places