| Brad Bishop | d7bf8c1 | 2018-02-25 22:55:05 -0500 | [diff] [blame] | 1 | From 954e3d2e7113e9ac06632aee3c69b8d818cc8952 Mon Sep 17 00:00:00 2001 |
| 2 | From: Tomas Mraz <tmraz@fedoraproject.org> |
| 3 | Date: Fri, 31 Mar 2017 16:25:06 +0200 |
| 4 | Subject: [PATCH] Fix buffer overflow if NULL line is present in db. |
| 5 | |
| 6 | If ptr->line == NULL for an entry, the first cycle will exit, |
| 7 | but the second one will happily write past entries buffer. |
| 8 | We actually do not want to exit the first cycle prematurely |
| 9 | on ptr->line == NULL. |
| 10 | Signed-off-by: Tomas Mraz <tmraz@fedoraproject.org> |
| 11 | |
| 12 | CVE: CVE-2017-12424 |
| 13 | Upstream-Status: Backport |
| 14 | Signed-off-by: Chen Qi <Qi.Chen@windriver.com> |
| 15 | --- |
| 16 | lib/commonio.c | 8 ++++---- |
| 17 | 1 file changed, 4 insertions(+), 4 deletions(-) |
| 18 | |
| 19 | diff --git a/lib/commonio.c b/lib/commonio.c |
| 20 | index b10da06..31edbaa 100644 |
| 21 | --- a/lib/commonio.c |
| 22 | +++ b/lib/commonio.c |
| 23 | @@ -751,16 +751,16 @@ commonio_sort (struct commonio_db *db, int (*cmp) (const void *, const void *)) |
| 24 | for (ptr = db->head; |
| 25 | (NULL != ptr) |
| 26 | #if KEEP_NIS_AT_END |
| 27 | - && (NULL != ptr->line) |
| 28 | - && ( ('+' != ptr->line[0]) |
| 29 | - && ('-' != ptr->line[0])) |
| 30 | + && ((NULL == ptr->line) |
| 31 | + || (('+' != ptr->line[0]) |
| 32 | + && ('-' != ptr->line[0]))) |
| 33 | #endif |
| 34 | ; |
| 35 | ptr = ptr->next) { |
| 36 | n++; |
| 37 | } |
| 38 | #if KEEP_NIS_AT_END |
| 39 | - if ((NULL != ptr) && (NULL != ptr->line)) { |
| 40 | + if (NULL != ptr) { |
| 41 | nis = ptr; |
| 42 | } |
| 43 | #endif |
| 44 | -- |
| 45 | 2.1.0 |
| 46 | |