Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.2:Staging:A
libmspack
libmspack-0.6alpha-CVE-2019-1010305.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File libmspack-0.6alpha-CVE-2019-1010305.patch of Package libmspack
From 2f084136cfe0d05e5bf5703f3e83c6d955234b4d Mon Sep 17 00:00:00 2001 From: Stuart Caie <kyzer@cabextract.org.uk> Date: Mon, 18 Feb 2019 13:04:58 +0000 Subject: [PATCH] length checks when looking for control files --- libmspack/mspack/chmd.c | 24 +++++++++++------------- 2 files changed, 19 insertions(+), 13 deletions(-) Index: libmspack-0.6alpha/mspack/chmd.c =================================================================== --- libmspack-0.6alpha.orig/mspack/chmd.c +++ libmspack-0.6alpha/mspack/chmd.c @@ -483,19 +483,17 @@ static int chmd_read_headers(struct mspa if (name[0] == ':' && name[1] == ':') { /* system file */ - if (mspack_memcmp(&name[2], &content_name[2], 31L) == 0) { - if (mspack_memcmp(&name[33], &content_name[33], 8L) == 0) { - chm->sec1.content = fi; - } - else if (mspack_memcmp(&name[33], &control_name[33], 11L) == 0) { - chm->sec1.control = fi; - } - else if (mspack_memcmp(&name[33], &spaninfo_name[33], 8L) == 0) { - chm->sec1.spaninfo = fi; - } - else if (mspack_memcmp(&name[33], &rtable_name[33], 72L) == 0) { - chm->sec1.rtable = fi; - } + if (name_len == 40 && memcmp(name, content_name, 40) == 0) { + chm->sec1.content = fi; + } + else if (name_len == 44 && memcmp(name, control_name, 44) == 0) { + chm->sec1.control = fi; + } + else if (name_len == 41 && memcmp(name, spaninfo_name, 41) == 0) { + chm->sec1.spaninfo = fi; + } + else if (name_len == 105 && memcmp(name, rtable_name, 105) == 0) { + chm->sec1.rtable = fi; } fi->next = chm->sysfiles; chm->sysfiles = fi;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor