Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:15
curl-mini
curl-CVE-2018-16839.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File curl-CVE-2018-16839.patch of Package curl-mini
From 92acf6a2df83285a397919506a0a45a638564b9c Mon Sep 17 00:00:00 2001 From: Daniel Stenberg <daniel@haxx.se> Date: Fri, 28 Sep 2018 16:08:16 +0200 Subject: [PATCH] Curl_auth_create_plain_message: fix too-large-input-check Reported-by: Harry Sintonen --- lib/vauth/cleartext.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/vauth/cleartext.c b/lib/vauth/cleartext.c index a10edbdc7..be6d6111e 100644 --- a/lib/vauth/cleartext.c +++ b/lib/vauth/cleartext.c @@ -72,11 +72,11 @@ CURLcode Curl_auth_create_plain_message(struct Curl_easy *data, *outptr = NULL; ulen = strlen(userp); plen = strlen(passwdp); /* Compute binary message length. Check for overflows. */ - if((ulen > SIZE_T_MAX/2) || (plen > (SIZE_T_MAX/2 - 2))) + if((ulen > SIZE_T_MAX/4) || (plen > (SIZE_T_MAX/2 - 2))) return CURLE_OUT_OF_MEMORY; plainlen = 2 * ulen + plen + 2; plainauth = malloc(plainlen); if(!plainauth) -- 2.19.1
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor