File Fix-for-CVE-2019-20199-ezxml-bug-18.patch of Package netcdf

Overview Repositories Revisions Requests Users Attributes Meta

File Fix-for-CVE-2019-20199-ezxml-bug-18.patch of Package netcdf

From: Egbert Eich <eich@suse.com>
Date: Mon Oct 25 15:41:34 2021 +0200
Subject: Fix for CVE-2019-20199 / ezxml bug 18
Patch-mainline: Not yet
Git-commit: ecb765ec9de8cde38fb7aac55ee68c66482650cc
References:

Make sure end token ';' has really been found.
This fixes
 https://sourceforge.net/p/ezxml/bugs/18/

Signed-off-by: Egbert Eich <eich@suse.com>
---
 libdap4/ezxml.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/libdap4/ezxml.c b/libdap4/ezxml.c
index c800d69..931ba24 100644
--- a/libdap4/ezxml.c
+++ b/libdap4/ezxml.c
@@ -193,9 +193,11 @@ char *ezxml_decode(char *s, char **ent, char t)
 
             if (ent[b++]) { /* found a match*/
                 if ((c = strlen(ent[b])) - 1 > (e = strchr(s, ';')) - s) {
-                    l = (d = (s - r)) + c + strlen(e); /* new length*/
+                    if (!e) { s++; continue; } // bug#18 / CVE-2019-20199
+		    l = (d = (s - r)) + c + strlen(e); /* new length*/
                     r = (r == m) ? strcpy(malloc(l), r) : realloc(r, l);
                     e = strchr((s = r + d), ';'); /* fix up pointers*/
+                    if (!e) { s++; continue; } // bug#18
                 }
 
                 memmove(s + c, e + 1, strlen(e)); /* shift rest of string*/

Places

File Fix-for-CVE-2019-20199-ezxml-bug-18.patch of Package netcdf

Places