diff options
Diffstat (limited to 'meta/recipes-extended/wget/wget/CVE-2019-5953.patch')
-rw-r--r-- | meta/recipes-extended/wget/wget/CVE-2019-5953.patch | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/meta/recipes-extended/wget/wget/CVE-2019-5953.patch b/meta/recipes-extended/wget/wget/CVE-2019-5953.patch new file mode 100644 index 0000000000..00efe20a2f --- /dev/null +++ b/meta/recipes-extended/wget/wget/CVE-2019-5953.patch | |||
@@ -0,0 +1,34 @@ | |||
1 | From 692d5c5215de0db482c252492a92fc424cc6a97c Mon Sep 17 00:00:00 2001 | ||
2 | From: Tim Ruehsen <tim.ruehsen@gmx.de> | ||
3 | Date: Fri, 5 Apr 2019 11:50:44 +0200 | ||
4 | Subject: Fix a buffer overflow vulnerability | ||
5 | |||
6 | * src/iri.c(do_conversion): Reallocate the output buffer to a larger | ||
7 | size if it is already full | ||
8 | Upstream-Status: Backport | ||
9 | CVE: CVE-2019-5953 | ||
10 | Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> | ||
11 | --- | ||
12 | --- a/src/iri.c | ||
13 | +++ b/src/iri.c | ||
14 | @@ -188,11 +191,14 @@ do_conversion (const char *tocode, const char *fromcode, char const *in_org, siz | ||
15 | } | ||
16 | else if (errno == E2BIG) /* Output buffer full */ | ||
17 | { | ||
18 | + logprintf (LOG_VERBOSE, | ||
19 | + _("Reallocate output buffer len=%d outlen=%d inlen=%d\n"), len, outlen, inlen); | ||
20 | tooshort++; | ||
21 | done = len; | ||
22 | - len = outlen = done + inlen * 2; | ||
23 | - s = xrealloc (s, outlen + 1); | ||
24 | - *out = s + done; | ||
25 | + len = done + inlen * 2; | ||
26 | + s = xrealloc (s, len + 1); | ||
27 | + *out = s + done - outlen; | ||
28 | + outlen += inlen * 2; | ||
29 | } | ||
30 | else /* Weird, we got an unspecified error */ | ||
31 | { | ||
32 | -- | ||
33 | cgit v1.0-41-gc330 | ||
34 | |||