File libical-timezone-use-after-free.patch of Package libical

Overview Repositories Revisions Requests Users Attributes Meta

File libical-timezone-use-after-free.patch of Package libical

From 6bcc779a17a2d286e4c3cb958ddf369cc01cb42c Mon Sep 17 00:00:00 2001
From: Allen Winter <allen.winter@kdab.com>
Date: Thu, 15 Dec 2016 18:17:10 -0500
Subject: [PATCH] icaltimezone.c - fix heap-use-after-free caused by
 fetch_lat_long_from_string() issue#262

Backported by Mike Gorse <mgorse@suse.com>
---
diff -urp libical-2.0.0.orig/src/libical/icaltimezone.c libical-2.0.0/src/libical/icaltimezone.c
--- libical-2.0.0.orig/src/libical/icaltimezone.c	2015-12-28 15:44:53.000000000 -0600
+++ libical-2.0.0/src/libical/icaltimezone.c	2017-06-19 15:48:27.789017341 -0500
@@ -1520,39 +1520,39 @@ static int fetch_lat_long_from_string(co
 
     /* We need to parse the latitude/longitude co-ordinates and location fields  */
     sptr = (char *)str;
-    while (*sptr != '\t') {
+    while ((*sptr != '\t') && (*sptr != '\0')) {
         sptr++;
     }
     temp = ++sptr;
-    while (*sptr != '\t') {
+    while (*sptr != '\t' && *sptr != '\0') {
         sptr++;
     }
     len = (ptrdiff_t) (sptr - temp);
     lat = (char *)malloc(len + 1);
     lat = strncpy(lat, temp, len);
     lat[len] = '\0';
-    while (*sptr != '\t') {
+    while ((*sptr != '\t') && (*sptr != '\0')) {
         sptr++;
     }
     loc = ++sptr;
-    while (!isspace((int)(*sptr))) {
+    while (!isspace((int)(*sptr)) && (*sptr != '\0')) {
         sptr++;
     }
-    len = (ptrdiff_t) (sptr - loc);
+    len = (ptrdiff_t)(sptr - loc);
     location = strncpy(location, loc, len);
     location[len] = '\0';
 
 #if defined(sun) && defined(__SVR4)
     /* Handle EET, MET and WET in zone_sun.tab. */
     if (!strcmp(location, "Europe/")) {
-        while (*sptr != '\t') {
+        while ((*sptr != '\t') && (*sptr != '\0')) {
             sptr++;
         }
         loc = ++sptr;
-        while (!isspace(*sptr)) {
+        while (!isspace(*sptr) && (*sptr != '\0')) {
             sptr++;
         }
-        len = sptr - loc;
+        len = (ptrdiff_t)(sptr - loc);
         location = strncpy(location, loc, len);
         location[len] = '\0';
     }
Only in libical-2.0.0/src/libical: icaltimezone.c.orig

Places

File libical-timezone-use-after-free.patch of Package libical

Places