Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15:Update
squid.31656
SQUID-2023_7.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File SQUID-2023_7.patch of Package squid.31656
commit 77b3fb4df0f126784d5fd4967c28ed40eb8d521b Author: Alex Rousskov <rousskov@measurement-factory.com> Date: Wed Oct 25 19:41:45 2023 +0000 RFC 1123: Fix date parsing (#1538) The bug was discovered and detailed by Joshua Rogers at https://megamansec.github.io/Squid-Security-Audit/datetime-overflow.html where it was filed as "1-Byte Buffer OverRead in RFC 1123 date/time Handling". diff --git a/lib/rfc1123.c b/lib/rfc1123.c index e5bf9a4d7..cb484cc00 100644 --- a/lib/rfc1123.c +++ b/lib/rfc1123.c @@ -50,7 +50,13 @@ make_month(const char *s) char month[3]; month[0] = xtoupper(*s); + if (!month[0]) + return -1; // protects *(s + 1) below + month[1] = xtolower(*(s + 1)); + if (!month[1]) + return -1; // protects *(s + 2) below + month[2] = xtolower(*(s + 2)); for (i = 0; i < 12; i++)
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor