rpms / bind

Clone
Source Code
GIT

Blame SOURCES/bind-9.11-CVE-2020-8625.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c7-sig-altarch-fasttrack c8 c8-beta c8s c9 c9-beta
  1.   3cb4a3f67b0462269bb26e409ec81db53d37c7fe
  2.   SOURCES
  3.   bind-9.11-CVE-2020-8625.patch
Blob History Raw
3cb4a3 
From 9f331a945071365ccc0cfba24241c4af6919af30 Mon Sep 17 00:00:00 2001
3cb4a3 
From: Petr Mensik <pemensik@redhat.com>
3cb4a3 
Date: Mon, 15 Feb 2021 12:18:14 +0100
3cb4a3 
Subject: [PATCH] CVE-2020-8625
3cb4a3
3cb4a3 
5562.	[security]	Fix off-by-one bug in ISC SPNEGO implementation.
3cb4a3 
			(CVE-2020-8625) [GL #2354]
3cb4a3 
---
3cb4a3 
 lib/dns/spnego.c | 2 +-
3cb4a3 
 1 file changed, 1 insertion(+), 1 deletion(-)
3cb4a3
3cb4a3 
diff --git a/lib/dns/spnego.c b/lib/dns/spnego.c
3cb4a3 
index dea108b..13cf15d 100644
3cb4a3 
--- a/lib/dns/spnego.c
3cb4a3 
+++ b/lib/dns/spnego.c
3cb4a3 
@@ -877,7 +877,7 @@ der_get_oid(const unsigned char *p, size_t len, oid *data, size_t *size) {
3cb4a3 
 		return (ASN1_OVERRUN);
3cb4a3 
 	}
3cb4a3
3cb4a3 
-	data->components = malloc(len * sizeof(*data->components));
3cb4a3 
+	data->components = malloc((len + 1) * sizeof(*data->components));
3cb4a3 
 	if (data->components == NULL) {
3cb4a3 
 		return (ENOMEM);
3cb4a3 
 	}
3cb4a3 
--
3cb4a3 
2.26.2
3cb4a3

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation