Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:Alexander_Naumov:SLE-12:Update
adns
adns-1.4-CVE-2017-9108.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File adns-1.4-CVE-2017-9108.patch of Package adns
From 72c6bfd77dfdb34457a792874fd1c3030fca90ac Mon Sep 17 00:00:00 2001 From: Ian Jackson <ijackson@chiark.greenend.org.uk> Date: Tue, 6 Dec 2016 12:51:44 +0000 Subject: [PATCH 10/32] SECURITY: adnshost: Fix missing-final-newline handling on stdin read It is wrong to increment used as well as setting r, since used is incremented according to r, later. Rather we should be doing what read() would have done. Without this fix, adnshost may read and process one byte beyond the buffer, perhaps crashing or perhaps somehow leaking the value of that byte. Found by AFL 2.35b. CVE-2017-9108. Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk> --- client/adh-main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/adh-main.c b/client/adh-main.c index 9709be2..31335b7 100644 --- a/client/adh-main.c +++ b/client/adh-main.c @@ -206,7 +206,7 @@ static void read_stdin(void) { if (r == 0) { if (used) { /* fake up final newline */ - buf[used++]= '\n'; + buf[used]= '\n'; r= 1; } else { ov_pipe= 0; -- 2.20.1
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor