Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP2:GA
uriparser
CVE-2024-34403.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2024-34403.patch of Package uriparser
From bb6b9b3f25fbafeb12dac68574d9f677b09880e3 Mon Sep 17 00:00:00 2001 From: Sebastian Pipping <sebastian@pipping.org> Date: Sun, 28 Apr 2024 21:57:27 +0200 Subject: [PATCH] Protect against integer overflow in ComposeQueryMallocExMm Requires string input that is longer than INT_MAX / 6 - 1 to exploit. --- src/UriQuery.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) --- a/src/UriQuery.c +++ b/src/UriQuery.c @@ -162,10 +162,14 @@ int URI_FUNC(ComposeQueryMallocEx)(URI_C if (res != URI_SUCCESS) { return res; } + if (charsRequired == INT_MAX) { + return URI_ERROR_MALLOC; + } charsRequired++; /* Allocate space */ queryString = malloc(charsRequired * sizeof(URI_CHAR)); + queryString = calloc(charsRequired, sizeof(URI_CHAR)); if (queryString == NULL) { return URI_ERROR_MALLOC; }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor