Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP7:GA
netcdf.21641
Fix-for-CVE-2019-20199-ezxml-bug-18.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File Fix-for-CVE-2019-20199-ezxml-bug-18.patch of Package netcdf.21641
From: Egbert Eich <eich@suse.com> Date: Mon Oct 25 15:41:34 2021 +0200 Subject: Fix for CVE-2019-20199 / ezxml bug 18 Patch-mainline: Not yet Git-commit: ecb765ec9de8cde38fb7aac55ee68c66482650cc References: Make sure end token ';' has really been found. This fixes https://sourceforge.net/p/ezxml/bugs/18/ Signed-off-by: Egbert Eich <eich@suse.com> --- libdap4/ezxml.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libdap4/ezxml.c b/libdap4/ezxml.c index c800d69..931ba24 100644 --- a/libdap4/ezxml.c +++ b/libdap4/ezxml.c @@ -193,9 +193,11 @@ char *ezxml_decode(char *s, char **ent, char t) if (ent[b++]) { /* found a match*/ if ((c = strlen(ent[b])) - 1 > (e = strchr(s, ';')) - s) { - l = (d = (s - r)) + c + strlen(e); /* new length*/ + if (!e) { s++; continue; } // bug#18 / CVE-2019-20199 + l = (d = (s - r)) + c + strlen(e); /* new length*/ r = (r == m) ? strcpy(malloc(l), r) : realloc(r, l); e = strchr((s = r + d), ';'); /* fix up pointers*/ + if (!e) { s++; continue; } // bug#18 } memmove(s + c, e + 1, strlen(e)); /* shift rest of string*/
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor