Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:FrontRunner
libXpm.30890
U_0002-Fix-CVE-2022-46285-Infinite-loop-on-uncl...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File U_0002-Fix-CVE-2022-46285-Infinite-loop-on-unclosed-comment.patch of Package libXpm.30890
From 4636007dd4cebca8ee10738a7833f629d8687529 Mon Sep 17 00:00:00 2001 From: Alan Coopersmith <alan.coopersmith@oracle.com> Date: Sat, 17 Dec 2022 12:23:45 -0800 Subject: [PATCH libXpm 2/5] Fix CVE-2022-46285: Infinite loop on unclosed comments When reading XPM images from a file with libXpm 3.5.14 or older, if a comment in the file is not closed (i.e. a C-style comment starts with "/*" and is missing the closing "*/"), the ParseComment() function will loop forever calling getc() to try to read the rest of the comment, failing to notice that it has returned EOF, which may cause a denial of service to the calling program. Reported-by: Marco Ivaldi <raptor@0xdeadbeef.info> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> --- src/data.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/data.c b/src/data.c index 898889c..bfad4ff 100644 --- a/src/data.c +++ b/src/data.c @@ -174,6 +174,10 @@ ParseComment(xpmData *data) notend = 0; Ungetc(data, *s, file); } + else if (c == EOF) { + /* hit end of file before the end of the comment */ + return XpmFileInvalid; + } } return 0; } -- 2.15.2
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor