Brad Bishop | c4ea075 | 2018-11-15 14:30:15 -0800 | [diff] [blame] | 1 | From 0e4a6058b130f07cfa52fde8a3cb6f2abfe4c700 Mon Sep 17 00:00:00 2001 |
| 2 | From: Changqing Li <changqing.li@windriver.com> |
| 3 | Date: Thu, 1 Nov 2018 15:30:56 +0800 |
| 4 | Subject: [PATCH] voutf: fix bad arethmetic when outputting warnings to stderr |
| 5 | |
| 6 | CVE-2018-16842 |
| 7 | Reported-by: Brian Carpenter |
| 8 | Bug: https://curl.haxx.se/docs/CVE-2018-16842.html |
| 9 | |
| 10 | Upstream-Status: Backport [https://github.com/curl/curl/commit |
| 11 | /d530e92f59ae9bb2d47066c3c460b25d2ffeb211] |
| 12 | |
| 13 | CVE: CVE-2018-16842 |
| 14 | |
| 15 | Signed-off-by: Changqing Li <changqing.li@windriver.com> |
| 16 | --- |
| 17 | src/tool_msgs.c | 2 +- |
| 18 | 1 file changed, 1 insertion(+), 1 deletion(-) |
| 19 | |
| 20 | diff --git a/src/tool_msgs.c b/src/tool_msgs.c |
| 21 | index 9cce806..05bec39 100644 |
| 22 | --- a/src/tool_msgs.c |
| 23 | +++ b/src/tool_msgs.c |
| 24 | @@ -67,7 +67,7 @@ static void voutf(struct GlobalConfig *config, |
| 25 | (void)fwrite(ptr, cut + 1, 1, config->errors); |
| 26 | fputs("\n", config->errors); |
| 27 | ptr += cut + 1; /* skip the space too */ |
| 28 | - len -= cut; |
| 29 | + len -= cut + 1; |
| 30 | } |
| 31 | else { |
| 32 | fputs(ptr, config->errors); |
| 33 | -- |
| 34 | 2.7.4 |
| 35 | |