Diffstat (limited to 'meta/recipes-extended/unzip/unzip/CVE-2022-0529.patch')
-rw-r--r-- | meta/recipes-extended/unzip/unzip/CVE-2022-0529.patch | 39 |
1 files changed, 39 insertions, 0 deletions
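--- /dev/null
+++ b/meta/recipes-extended/unzip/unzip/CVE-2022-0529.patch
@@ -0,0 +1,39 @@
+https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010355
+
+CVE: CVE-2022-0529
+Upstream-Status: Inactive-Upstream [need a new release]
+
+diff --git a/process.c b/process.c
+index d2a846e..99b9c7b 100644
+--- a/process.c
++++ b/process.c
+@@ -2507,13 +2507,15 @@ char *wide_to_local_string(wide_string, escape_all)
+char buf[9];
+char *buffer = NULL;
+char *local_string = NULL;
++ size_t buffer_size;
+
+for (wsize = 0; wide_string[wsize]; wsize++) ;
+
+if (max_bytes < MAX_ESCAPE_BYTES)
+max_bytes = MAX_ESCAPE_BYTES;
+
+- if ((buffer = (char *)malloc(wsize * max_bytes + 1)) == NULL) {
++ buffer_size = wsize * max_bytes + 1;
++ if ((buffer = (char *)malloc(buffer_size)) == NULL) {
+return NULL;
+}
+
+@@ -2552,7 +2554,11 @@ char *wide_to_local_string(wide_string, escape_all)
+/* no MB for this wide */
+/* use escape for wide character */
+char *escape_string = wide_to_escape_string(wide_string[i]);
+- strcat(buffer, escape_string);
++ size_t buffer_len = strlen(buffer);
++ size_t escape_string_len = strlen(escape_string);
++ if (buffer_len + escape_string_len + 1 > buffer_size)
++ escape_string_len = buffer_size - buffer_len - 1;
++ strncat(buffer, escape_string, escape_string_len);
+free(escape_string);
+}
+}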
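Review bot: In the second process.c hunk, the clamp `buffer_size - buffer_len - 1` is unsigned arithmetic, so it wraps to a huge count if `buffer_len` ever reaches `buffer_size`, and the `strncat` is then effectively unbounded again. That state can only arise if another append in the same loop has already filled or overrun the buffer; those appends are outside the hunk, so they should be checked against `buffer_size` as well, and the clamp made self-protecting with `size_t room = buffer_len < buffer_size ? buffer_size - buffer_len - 1 : 0;` followed by `if (escape_string_len > room) escape_string_len = room;`. `strlen(escape_string)` also uses the result of `wide_to_escape_string()` unchecked, so if that helper can return NULL on allocation failure (its body is not shown) a NULL test is needed before the `strlen`. The truncation is silent and can leave a clipped escape sequence in the returned name; a short comment stating that this is the intended fallback would help the next reader. The body of `wide_to_local_string` starts and ends outside both hunks.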