Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP7:Update
uriparser.9488
CVE-2018-20721.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2018-20721.patch of Package uriparser.9488
Date: Wed Jan 16 15:36:01 CET 2019 Ported from: commit cef25028de5ff872c2e1f0a6c562eb3ea9ecbce4 Author: Sebastian Pipping <sebastian@pipping.org> Date: Sat Dec 8 18:44:11 2018 +0100 Fix uriParse*Ex* out-of-bounds read Index: uriparser-uriparser-0.8.5/src/UriParse.c =================================================================== --- uriparser-uriparser-0.8.5.orig/src/UriParse.c +++ uriparser-uriparser-0.8.5/src/UriParse.c @@ -669,6 +669,11 @@ static const URI_CHAR * URI_FUNC(ParseIP return NULL; } first++; + + if (first >= afterLast) { + URI_FUNC(StopSyntax)(state, first); + return NULL; + } } } else { /* Eat while no dot in sight */ Index: uriparser-uriparser-0.8.5/test/test.cpp =================================================================== --- uriparser-uriparser-0.8.5.orig/test/test.cpp +++ uriparser-uriparser-0.8.5/test/test.cpp @@ -304,6 +304,20 @@ Rule | Ex URI_TEST_IP_SIX_FAIL("g:0:0:0:0:0:0"); } + void testIpSixOverread() { + UriParserStateStructA uri; + const char * errorPos; + + // NOTE: This string is designed to not have a terminator + char uriText[2 + 3 + 2 + 1 + 1]; + strncpy(uriText, "//[::44.1", sizeof(uriText)); + + TEST_ASSERT(URI_ERROR_SYNTAX == + uriParseUriExA(&uri, uriText, uriText + sizeof(uriText))); + TEST_ASSERT(URI_ERROR_SYNTAX == uri.errorCode); + TEST_ASSERT(uri.errorPos == uriText + sizeof(uriText)); + } + void testUri() { UriParserStateA stateA; UriParserStateW stateW;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
