Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP1:GA
mercurial.11235
hg-CVE-2018-17983.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File hg-CVE-2018-17983.patch of Package mercurial.11235
# HG changeset patch # User Yuya Nishihara <yuya@tcha.org> # Date 1536150209 -32400 # Node ID 5405cb1a79010ac50c58cd84e6f50c4556bf2a4c # Parent e85462d48cb3a59f67a595510fc7977cba6ed358 manifest: fix out-of-bounds read of corrupted manifest entry Spotted by ASAN. diff -r e85462d48cb3 -r 5405cb1a7901 mercurial/cext/manifest.c --- a/mercurial/cext/manifest.c Wed Sep 05 21:32:45 2018 +0900 +++ b/mercurial/cext/manifest.c Wed Sep 05 21:23:29 2018 +0900 @@ -51,7 +51,12 @@ { char *s = l->start; ssize_t llen = pathlen(l); - PyObject *hash = unhexlify(s + llen + 1, 40); + PyObject *hash; + if (llen + 1 + 40 + 1 > l->len) { /* path '\0' hash '\n' */ + PyErr_SetString(PyExc_ValueError, "manifest line too short"); + return NULL; + } + hash = unhexlify(s + llen + 1, 40); if (!hash) { return NULL; } @@ -249,10 +254,13 @@ pl = pathlen(l); path = PyBytes_FromStringAndSize(l->start, pl); hash = nodeof(l); + if (!path || !hash) { + goto done; + } consumed = pl + 41; flags = PyBytes_FromStringAndSize(l->start + consumed, l->len - consumed - 1); - if (!path || !hash || !flags) { + if (!flags) { goto done; } ret = PyTuple_Pack(3, path, hash, flags);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor