poky/meta/recipes-bsp/lrzsz/lrzsz-0.12.20/cve-2018-10195.patch - openbmc/openbmc - Gitiles

 Integer overflow in src/zm.c:zsdata() causes crash in sz and can leak information to receiver.

 Patch taken from Fedora.

 CVE: CVE-2018-10195
 Upstream-Status: Inappropriate (dead upstream)
 Signed-off-by: Ross Burton <ross.burton@intel.com>

 diff -urN lrzsz-0.12.20/src/zm.c lrzsz-0.12.20.new/src/zm.c
 --- lrzsz-0.12.20/src/zm.c	Tue Dec 29 09:48:38 1998
 +++ lrzsz-0.12.20.new/src/zm.c	Tue Oct  8 12:46:58 2002
 @@ -431,10 +431,12 @@
  	VPRINTF(3,("zsdata: %lu %s", (unsigned long) length,
  		Zendnames[(frameend-ZCRCE)&3]));
  	crc = 0;
 -	do {
 -		zsendline(*buf); crc = updcrc((0377 & *buf), crc);
 -		buf++;
 -	} while (--length>0);
 +
 +	for( ; length; length--) {
 +	  zsendline(*buf); crc = updcrc((0377 & *buf), crc);
 +	  buf++;
 +	}
 +
  	xsendline(ZDLE); xsendline(frameend);
  	crc = updcrc(frameend, crc);
	Integer overflow in src/zm.c:zsdata() causes crash in sz and can leak information to receiver.

	Patch taken from Fedora.

	CVE: CVE-2018-10195
	Upstream-Status: Inappropriate (dead upstream)
	Signed-off-by: Ross Burton <ross.burton@intel.com>

	diff -urN lrzsz-0.12.20/src/zm.c lrzsz-0.12.20.new/src/zm.c
	--- lrzsz-0.12.20/src/zm.c Tue Dec 29 09:48:38 1998
	+++ lrzsz-0.12.20.new/src/zm.c Tue Oct 8 12:46:58 2002
	@@ -431,10 +431,12 @@
	VPRINTF(3,("zsdata: %lu %s", (unsigned long) length,
	Zendnames[(frameend-ZCRCE)&3]));
	crc = 0;
	- do {
	- zsendline(buf); crc = updcrc((0377 & buf), crc);
	- buf++;
	- } while (--length>0);
	+
	+ for( ; length; length--) {
	+ zsendline(buf); crc = updcrc((0377 & buf), crc);
	+ buf++;
	+ }
	+
	xsendline(ZDLE); xsendline(frameend);
	crc = updcrc(frameend, crc);