SUSE:SLE-15-SP1:GA
File hg-mpatch-fix01.patch of Package mercurial.11235
# HG changeset patch # User Augie Fackler <augie@google.com> # Date 1524890536 14400 # Node ID 90a274965de74cb0b4bea01a564b29b12a6af814 # Parent c0081d3e1598e0c82cf5024422dc206db83687de mpatch: be more careful about parsing binary patch data (SEC) It appears to have been possible to trivially walk off the end of an allocated region with a malformed patch. Oops. Caught when writing an mpatch fuzzer for oss-fuzz. This defect is OVE-20180430-0001. A CVE has not been obtained as of this writing. diff -r c0081d3e1598 -r 90a274965de7 mercurial/mpatch.c --- a/mercurial/mpatch.c Wed Jun 06 09:14:33 2018 -0700 +++ b/mercurial/mpatch.c Sat Apr 28 00:42:16 2018 -0400 @@ -197,7 +197,9 @@ lt = l->tail; - while (pos >= 0 && pos < len) { + /* We check against len-11 to ensure we have at least 12 bytes + left in the patch so we can read our three be32s out of it. */ + while (pos >= 0 && pos < (len - 11)) { lt->start = getbe32(bin + pos); lt->end = getbe32(bin + pos + 4); lt->len = getbe32(bin + pos + 8);
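Review bot: In the new loop condition, `pos < (len - 11)` is only a safe bound if `len` is a signed type, and its declaration is not visible in this hunk; with an unsigned `len` shorter than 11 bytes the subtraction would wrap and the bound would no longer protect the three `getbe32` reads. Keeping `pos < len` and adding `len - pos >= 12` would avoid subtracting from a possibly small `len` and would match the comment's "at least 12 bytes" wording directly, without the 11-versus-12 translation. The new check also covers only the 12-byte header: the context ends at the `lt->len` read, so please confirm that the code that follows validates `lt->len` against the bytes remaining in the patch before the fragment data is used. The diff touches only `mercurial/mpatch.c`; since the commit message says this was found by a fuzzer, a regression test feeding a truncated patch would be worth adding alongside the fix.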