Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP2:Update
netcdf
Fix-for-CVE-2019-20006-CVE-2019-20202-CVE-2021-...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File Fix-for-CVE-2019-20006-CVE-2019-20202-CVE-2021-31598-ezxml-bug-15-17-28.patch of Package netcdf
From: Egbert Eich <eich@suse.com> Date: Mon Oct 25 15:39:41 2021 +0200 Subject: Fix for CVE-2019-20006/CVE-2019-20202/CVE-2021-31598 ezxml bug 15/17/28 Patch-mainline: Not yet Git-commit: b43b4310b0fc0c02d9b0aa8b0dba1aeb6aeecc55 References: For UTF-8 the multi-byte sequences should use at most 36 bits UTF-8 standard uses 21 bits or 4 bytes). This fixes: https://sourceforge.net/p/ezxml/bugs/15/ https://sourceforge.net/p/ezxml/bugs/17/ https://sourceforge.net/p/ezxml/bugs/28/ Signed-off-by: Egbert Eich <eich@suse.com> --- netcdf-c-4.8.0/libdap4/ezxml.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/netcdf-c-4.8.0/libdap4/ezxml.c b/netcdf-c-4.8.0/libdap4/ezxml.c index 01ac012..8a57cfa 100644 --- a/libdap4/ezxml.c +++ b/libdap4/ezxml.c @@ -182,6 +182,8 @@ char *ezxml_decode(char *s, char **ent, char t) if (c < 0x80) *(s++) = c; /* US-ASCII subset*/ else { /* multi-byte UTF-8 sequence*/ for (b = 0, d = c; d; d /= 2) b++; /* number of bits in c*/ + // UTF-8 can ecode max 36 bits (standard says 21) - noop on 32 bit. + if (b > 36) { s++; continue; } // bug#15 CVE-2019-20006 / bug#17 CVE-2019-20202 b = (b - 2) / 5; /* number of bytes in payload*/ *(s++) = (0xFF << (7 - b)) | (c >> (6 * b)); /* head*/ while (b) *(s++) = 0x80 | ((c >> (6 * --b)) & 0x3F); /* payload*/
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor