Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP4:Update
netcdf.34857
Fix-for-CVE-2019-20007-ezxml-bug-13.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File Fix-for-CVE-2019-20007-ezxml-bug-13.patch of Package netcdf.34857
From: Egbert Eich <eich@suse.com> Date: Mon Oct 25 15:44:01 2021 +0200 Subject: Fix for CVE-2019-20007 / ezxml bug 13 Patch-mainline: Not yet Git-commit: 42372bd1a026bcfdcda2f3c45d724151fd9e1379 References: Make sure that ezxml_str2utf8() has succeeded. This fixes https://sourceforge.net/p/ezxml/bugs/13/ Signed-off-by: Egbert Eich <eich@suse.com> --- netcdf-c-4.8.0/libdap4/ezxml.c | 1 + 1 file changed, 1 insertion(+) diff --git a/netcdf-c-4.8.0/libdap4/ezxml.c b/netcdf-c-4.8.0/libdap4/ezxml.c index d60d4a3..144fa2d 100644 --- a/libdap4/ezxml.c +++ b/libdap4/ezxml.c @@ -485,6 +485,7 @@ ezxml_t ezxml_parse_str(char *s, size_t len) root->m = s; if (! len) return ezxml_err(root, NULL, "root tag missing"); root->u = ezxml_str2utf8(&s, &len); /* convert utf-16 to utf-8*/ + if (! s) return ezxml_err(root, NULL, "invalid root tag"); // bug#13 / CVE-2019-20007 root->e = (root->s = s) + len; /* record start and end of work area*/ e = s[len - 1]; /* save end char*/
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor