File util-linux-libuuid-uuid_parse-overrun.patch of Package util-linux.26136

Overview Repositories Revisions Requests Users Attributes Meta

File util-linux-libuuid-uuid_parse-overrun.patch of Package util-linux.26136

From 8596101d21a9bdc85388486ec9c431c114a443e3 Mon Sep 17 00:00:00 2001
From: Zane van Iperen <zane@zanevaniperen.com>
Date: Wed, 16 Feb 2022 00:57:17 +1000
Subject: [PATCH 1/4] libuuid: fix buffer overrun in uuid_parse_range()

It attempts to access in_start[36], despite 35 being the maximum
allowed index.

Reported-by: Pierre-Anthony Lemieux <pal@palemieux.com>
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
---
 libuuid/src/parse.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/libuuid/src/parse.c b/libuuid/src/parse.c
index d0c69b0e6..c3e228112 100644
--- a/libuuid/src/parse.c
+++ b/libuuid/src/parse.c
@@ -58,16 +58,14 @@ int uuid_parse_range(const char *in_start, const char *in_end, uuid_t uu)
 
 	if ((in_end - in_start) != 36)
 		return -1;
-	for (i=0, cp = in_start; i <= 36; i++,cp++) {
+	for (i=0, cp = in_start; i < 36; i++,cp++) {
 		if ((i == 8) || (i == 13) || (i == 18) ||
 		    (i == 23)) {
 			if (*cp == '-')
 				continue;
 			return -1;
 		}
-		if (i== 36)
-			if (*cp == 0)
-				continue;
+
 		if (!isxdigit(*cp))
 			return -1;
 	}
-- 
2.37.1

Places

File util-linux-libuuid-uuid_parse-overrun.patch of Package util-linux.26136

Places