File adns-1.5.1-CVE-2017-9108.patch of Package adns.15332

Overview Repositories Revisions Requests Users Attributes Meta

File adns-1.5.1-CVE-2017-9108.patch of Package adns.15332

From 72c6bfd77dfdb34457a792874fd1c3030fca90ac Mon Sep 17 00:00:00 2001
From: Ian Jackson <ijackson@chiark.greenend.org.uk>
Date: Tue, 6 Dec 2016 12:51:44 +0000
Subject: [PATCH 10/32] SECURITY: adnshost: Fix missing-final-newline handling
 on stdin read

It is wrong to increment used as well as setting r, since used is
incremented according to r, later.  Rather we should be doing what
read() would have done.

Without this fix, adnshost may read and process one byte beyond the
buffer, perhaps crashing or perhaps somehow leaking the value of that
byte.

Found by AFL 2.35b.  CVE-2017-9108.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
---
 client/adh-main.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/client/adh-main.c b/client/adh-main.c
index 9709be2..31335b7 100644
--- a/client/adh-main.c
+++ b/client/adh-main.c
@@ -206,7 +206,7 @@ static void read_stdin(void) {
       if (r == 0) {
 	if (used) {
 	  /* fake up final newline */
-	  buf[used++]= '\n';
+	  buf[used]= '\n';
 	  r= 1;
 	} else {
 	  ov_pipe= 0;
-- 
2.20.1

Places

File adns-1.5.1-CVE-2017-9108.patch of Package adns.15332

Places