File Fix-for-CVE-2019-20006-CVE-2019-20202-CVE-2021-... of Package netcdf

Overview Repositories Revisions Requests Users Attributes Meta

File Fix-for-CVE-2019-20006-CVE-2019-20202-CVE-2021-31598-ezxml-bug-15-17-28.patch of Package netcdf

From: Egbert Eich <eich@suse.com>
Date: Mon Oct 25 15:39:41 2021 +0200
Subject: Fix for CVE-2019-20006/CVE-2019-20202/CVE-2021-31598 ezxml bug 15/17/28
Patch-mainline: Not yet
Git-commit: aefb38a29f37255f67c08ee708bb9cef74ed8bcb
References:

For UTF-8 the multi-byte sequences should use at most 36 bits
UTF-8 standard uses 21 bits or 4 bytes).
This fixes:
 https://sourceforge.net/p/ezxml/bugs/15/
 https://sourceforge.net/p/ezxml/bugs/17/
 https://sourceforge.net/p/ezxml/bugs/28/

Signed-off-by: Egbert Eich <eich@suse.com>
---
 libdap4/ezxml.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/libdap4/ezxml.c b/libdap4/ezxml.c
index 65cdb7b..275cda0 100644
--- a/libdap4/ezxml.c
+++ b/libdap4/ezxml.c
@@ -177,6 +177,8 @@ char *ezxml_decode(char *s, char **ent, char t)
             if (c < 0x80) *(s++) = c; /* US-ASCII subset*/
             else { /* multi-byte UTF-8 sequence*/
                 for (b = 0, d = c; d; d /= 2) b++; /* number of bits in c*/
+		// UTF-8 can ecode max 36 bits (standard says 21) - noop on 32 bit.
+                if (b > 36) { s++; continue; } // bug#15 CVE-2019-20006 / bug#17 CVE-2019-20202
                 b = (b - 2) / 5; /* number of bytes in payload*/
                 *(s++) = (0xFF << (7 - b)) | (c >> (6 * b)); /* head*/
                 while (b) *(s++) = 0x80 | ((c >> (6 * --b)) & 0x3F); /* payload*/

Places

File Fix-for-CVE-2019-20006-CVE-2019-20202-CVE-2021-31598-ezxml-bug-15-17-28.patch of Package netcdf

Places