File util-linux-libuuid-uuid_parse-overrun.patch of Package python3-libmount.29049

Overview Repositories Revisions Requests Users Attributes Meta

File util-linux-libuuid-uuid_parse-overrun.patch of Package python3-libmount.29049

From 8596101d21a9bdc85388486ec9c431c114a443e3 Mon Sep 17 00:00:00 2001
From: Zane van Iperen <zane@zanevaniperen.com>
Date: Wed, 16 Feb 2022 00:57:17 +1000
Subject: [PATCH 1/4] libuuid: fix buffer overrun in uuid_parse_range()

It attempts to access in_start[36], despite 35 being the maximum
allowed index.

Reported-by: Pierre-Anthony Lemieux <pal@palemieux.com>
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
---
 libuuid/src/parse.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

Index: util-linux-2.33.2/libuuid/src/parse.c
===================================================================
--- util-linux-2.33.2.orig/libuuid/src/parse.c
+++ util-linux-2.33.2/libuuid/src/parse.c
@@ -48,7 +48,7 @@ int uuid_parse(const char *in, uuid_t uu
 
 	if (strlen(in) != 36)
 		return -1;
-	for (i=0, cp = in; i <= 36; i++,cp++) {
+	for (i=0, cp = in; i < 36; i++,cp++) {
 		if ((i == 8) || (i == 13) || (i == 18) ||
 		    (i == 23)) {
 			if (*cp == '-')
@@ -56,9 +56,7 @@ int uuid_parse(const char *in, uuid_t uu
 			else
 				return -1;
 		}
-		if (i== 36)
-			if (*cp == 0)
-				continue;
+
 		if (!isxdigit(*cp))
 			return -1;
 	}

Places

File util-linux-libuuid-uuid_parse-overrun.patch of Package python3-libmount.29049

Places