File Fix-CVE-2021-31229-bug-26-CVE-2019-20201-bug-16-CVE-2019-20198-bug-20.patch of Package netcdf.34857
From: Egbert Eich <eich@suse.com> Date: Mon Oct 25 15:52:52 2021 +0200 Subject: Fix CVE-2021-31229 bug 26, CVE-2019-20201 bug 16, CVE-2019-20198 bug 20 Patch-mainline: Not yet Git-commit: 9b1b7867f337d4256fbc7b5d2bb5bed0889cbe7c References: This Fixes https://sourceforge.net/p/ezxml/bugs/26/ https://sourceforge.net/p/ezxml/bugs/16/ https://sourceforge.net/p/ezxml/bugs/20/ Signed-off-by: Egbert Eich <eich@suse.com> --- netcdf-c-4.8.0/libdap4/ezxml.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/netcdf-c-4.8.0/libdap4/ezxml.c b/netcdf-c-4.8.0/libdap4/ezxml.c index b11c88a..225bcd8 100644 --- a/libdap4/ezxml.c +++ b/libdap4/ezxml.c @@ -327,6 +327,7 @@ short ezxml_internal_dtd(ezxml_root_t root, char *s, size_t len) { char q, *c, *t, *n = NULL, *v, **ent, **pe; int i, j; + size_t n_len, n_off; pe = memcpy(malloc(sizeof(EZXML_NIL)), EZXML_NIL, sizeof(EZXML_NIL)); @@ -337,7 +338,13 @@ short ezxml_internal_dtd(ezxml_root_t root, char *s, size_t len) else if (! strncmp(s, "<!ENTITY", 8)) { /* parse entity definitions*/ c = s += strspn(s + 8, EZXML_WS) + 8; /* skip white space separator*/ n = s + strspn(s, EZXML_WS "%"); /* find name*/ - *(s = n + strcspn(n, EZXML_WS)) = ';'; /* append ; to name*/ + n_len = strlen(n); + n_off = strcspn(n, EZXML_WS); + if(n_off >= n_len) { + ezxml_err(root, NULL, "write past buffer (<!ENTITY)"); + break; + } + *(s = n + n_off) = ';'; // append ; to name v = s + strspn(s + 1, EZXML_WS) + 1; /* find value*/ if ((q = *(v++)) != '"' && q != '\'') { /* skip externals*/
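Review bot: the file paths in the patch header disagree: the diffstat and the `diff --git` line name `netcdf-c-4.8.0/libdap4/ezxml.c`, while the `---`/`+++` lines name `libdap4/ezxml.c`. Tools that cross-check these names, such as git apply, may reject the patch, so the header should use one path throughout. The subject also lists three CVEs while the diff contains a single check in the `<!ENTITY` branch; a sentence in the description saying how that one check covers each of the three referenced bugs would help later audits.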
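Review bot: in the `<!ENTITY` branch the new guard `if(n_off >= n_len)` only rejects a name that runs to the end of the string, and it does so with more machinery than needed: strcspn() never returns more than strlen(n), so the comparison is effectively `==`, and the extra strlen() scan and the `n_len` variable can be replaced by testing `n[n_off] == '\0'`. When the whitespace that ends the name is the last byte before the terminator, the guard passes, `v = s + strspn(s + 1, EZXML_WS) + 1` lands on the terminator, and `*(v++)` then leaves `v` one past it; it is worth confirming that the skip-externals path that follows never dereferences `v` in that state, or rejecting that input here as well. Two smaller points: the store in the rejected case would overwrite the terminator rather than write past the buffer, so the error text could say that, and the rewritten line uses a `//` comment where the surrounding code uses `/* */`.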