| From 0e4a6058b130f07cfa52fde8a3cb6f2abfe4c700 Mon Sep 17 00:00:00 2001 |
| From: Changqing Li <changqing.li@windriver.com> |
| Date: Thu, 1 Nov 2018 15:30:56 +0800 |
| Subject: [PATCH] voutf: fix bad arethmetic when outputting warnings to stderr |
| |
| CVE-2018-16842 |
| Reported-by: Brian Carpenter |
| Bug: https://curl.haxx.se/docs/CVE-2018-16842.html |
| |
| Upstream-Status: Backport [https://github.com/curl/curl/commit |
| /d530e92f59ae9bb2d47066c3c460b25d2ffeb211] |
| |
| CVE: CVE-2018-16842 |
| |
| Signed-off-by: Changqing Li <changqing.li@windriver.com> |
| --- |
| src/tool_msgs.c | 2 +- |
| 1 file changed, 1 insertion(+), 1 deletion(-) |
| |
| diff --git a/src/tool_msgs.c b/src/tool_msgs.c |
| index 9cce806..05bec39 100644 |
| --- a/src/tool_msgs.c |
| +++ b/src/tool_msgs.c |
| @@ -67,7 +67,7 @@ static void voutf(struct GlobalConfig *config, |
| (void)fwrite(ptr, cut + 1, 1, config->errors); |
| fputs("\n", config->errors); |
| ptr += cut + 1; /* skip the space too */ |
| - len -= cut; |
| + len -= cut + 1; |
| } |
| else { |
| fputs(ptr, config->errors); |
| -- |
| 2.7.4 |
| |