Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:15-SP4
libunbound-devel-mini.24859
bsc1185386.7_CVE-2019-25035.6_fa23ee8f.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File bsc1185386.7_CVE-2019-25035.6_fa23ee8f.patch of Package libunbound-devel-mini.24859
From fa23ee8f31ba9a018c720ea822faaee639dc7a9c Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" <wouter@nlnetlabs.nl> Date: Tue, 19 Nov 2019 16:54:44 +0100 Subject: [PATCH] - Fix Out of Bounds Write in sldns_bget_token_par(), reported by X41 D-Sec. --- doc/Changelog | 2 ++ sldns/parse.c | 8 +++++++- 2 files changed, 9 insertions(+), 1 deletion(-) |diff --git doc/Changelog doc/Changelog |index e604158a..54c69a8f 100644 |--- doc/Changelog |+++ doc/Changelog |@@ -15,6 +15,8 @@ | sldns_str2wire_dname_buf_origin(), reported by X41 D-Sec. | - Fix Out of Bounds Read in sldns_str2wire_dname(), | reported by X41 D-Sec. |+ - Fix Out of Bounds Write in sldns_bget_token_par(), |+ reported by X41 D-Sec. | | 18 November 2019: Wouter | - In unbound-host use separate variable for get_option to please diff --git sldns/parse.c sldns/parse.c index b62c4059..b30264e8 100644 --- sldns/parse.c +++ sldns/parse.c @@ -325,8 +325,14 @@ sldns_bget_token_par(sldns_buffer *b, char *token, const char *delim, if (c == '\n' && p != 0) { /* in parentheses */ /* do not write ' ' if we want to skip spaces */ - if(!(skipw && (strchr(skipw, c)||strchr(skipw, ' ')))) + if(!(skipw && (strchr(skipw, c)||strchr(skipw, ' ')))) { + /* check for space for the space character */ + if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) { + *t = '\0'; + return -1; + } *t++ = ' '; + } lc = c; continue; } -- 2.26.2
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor