1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
|
From 93d41d82963b2cfd0b24c906f5a8daf53281b559 Mon Sep 17 00:00:00 2001
From: "H. Peter Anvin (Intel)" <hpa@zytor.com>
Date: Fri, 16 Aug 2019 01:12:54 -0700
Subject: [PATCH] BR 3392576: don't segfault on a bad %pragma limit
Don't segfault on a bad %pragma limit. Instead treat a NULL pointer as
an empty string.
Reported-by: Ren Kimura <rkx1209dev@gmail.com>
Signed-off-by: H. Peter Anvin (Intel) <hpa@zytor.com>
CVE: CVE-2019-14248
Upstream-Status: Backport [https://repo.or.cz/nasm.git/commit/93d41d82963b2cfd0b24c906f5a8daf53281b559]
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
asm/nasm.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/asm/nasm.c b/asm/nasm.c
index c84d675..65116ab 100644
--- a/asm/nasm.c
+++ b/asm/nasm.c
@@ -212,6 +212,11 @@ nasm_set_limit(const char *limit, const char *valstr)
bool rn_error;
int errlevel;
+ if (!limit)
+ limit = "";
+ if (!valstr)
+ valstr = "";
+
for (i = 0; i <= LIMIT_MAX; i++) {
if (!nasm_stricmp(limit, limit_info[i].name))
break;
@@ -204,7 +209,7 @@ nasm_set_limit(const char *limit, const char *valstr)
errlevel = ERR_WARNING|ERR_NOFILE|ERR_USAGE;
else
errlevel = ERR_WARNING|ERR_PASS1|WARN_UNKNOWN_PRAGMA;
- nasm_error(errlevel, "unknown limit: `%s'", limit);
+ nasm_error(errlevel, "invalid limit value: `%s'", valstr);
return DIRR_ERROR;
}
|
