rpms / control-center

Clone
Source Code
GIT

Files

  1.   57bc605e57faa007cef8e856fc5fee71c89a20d5
  2.   SOURCES
  3.   0001-hostname-helper-don-t-read-past-0.patch
Blob Blame History Raw 
From 96976105f3dc50bdc75cd23b5d163373a6c4d02f Mon Sep 17 00:00:00 2001
From: Mohammed Sadiq <sadiq@sadiqpk.org>
Date: Fri, 5 May 2017 17:40:33 +0530
Subject: [PATCH 1/3] hostname-helper: don't read past '\0'

g_utf8_find_next_char() doesn't do checks whether the char
is '\0' or not. We have to take care of that ourself.

This commit fixes heap-buffer-overflow found by test-hostname

ERROR: AddressSanitizer: heap-buffer-overflow on address
READ of size 1 at 0x60200000cd76 thread T0
 #0 0x7f8b26920d08 in g_utf8_find_next_char glib/glib/gutf8.c:179
 #1 0x55c2b8eacaee in pretty_hostname_to_ssid gnome-control-center/shell/hostname-helper.c:199

https://bugzilla.gnome.org/show_bug.cgi?id=782216
---
 shell/hostname-helper.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/shell/hostname-helper.c b/shell/hostname-helper.c
index 45baf5184..ab889b96b 100644
--- a/shell/hostname-helper.c
+++ b/shell/hostname-helper.c
@@ -208,6 +208,9 @@ pretty_hostname_to_ssid (const char *pretty)
 			break;
 		}
 
+		if (*p == '\0')
+			break;
+
 		prev = p;
 	}
 
-- 
2.12.2

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation