| From 954e3d2e7113e9ac06632aee3c69b8d818cc8952 Mon Sep 17 00:00:00 2001 |
| From: Tomas Mraz <tmraz@fedoraproject.org> |
| Date: Fri, 31 Mar 2017 16:25:06 +0200 |
| Subject: [PATCH] Fix buffer overflow if NULL line is present in db. |
| |
| If ptr->line == NULL for an entry, the first cycle will exit, |
| but the second one will happily write past entries buffer. |
| We actually do not want to exit the first cycle prematurely |
| on ptr->line == NULL. |
| Signed-off-by: Tomas Mraz <tmraz@fedoraproject.org> |
| |
| CVE: CVE-2017-12424 |
| Upstream-Status: Backport |
| Signed-off-by: Chen Qi <Qi.Chen@windriver.com> |
| --- |
| lib/commonio.c | 8 ++++---- |
| 1 file changed, 4 insertions(+), 4 deletions(-) |
| |
| diff --git a/lib/commonio.c b/lib/commonio.c |
| index b10da06..31edbaa 100644 |
| --- a/lib/commonio.c |
| +++ b/lib/commonio.c |
| @@ -751,16 +751,16 @@ commonio_sort (struct commonio_db *db, int (*cmp) (const void *, const void *)) |
| for (ptr = db->head; |
| (NULL != ptr) |
| #if KEEP_NIS_AT_END |
| - && (NULL != ptr->line) |
| - && ( ('+' != ptr->line[0]) |
| - && ('-' != ptr->line[0])) |
| + && ((NULL == ptr->line) |
| + || (('+' != ptr->line[0]) |
| + && ('-' != ptr->line[0]))) |
| #endif |
| ; |
| ptr = ptr->next) { |
| n++; |
| } |
| #if KEEP_NIS_AT_END |
| - if ((NULL != ptr) && (NULL != ptr->line)) { |
| + if (NULL != ptr) { |
| nis = ptr; |
| } |
| #endif |
| -- |
| 2.1.0 |
| |