|
 |
b91d92 |
From 27d6c92acdac671ddf8f77f72956b2181561f774 Mon Sep 17 00:00:00 2001
|
|
|
b91d92 |
From: Daniel Stenberg <daniel@haxx.se>
|
|
|
b91d92 |
Date: Sun, 28 Oct 2018 01:33:23 +0200
|
|
|
b91d92 |
Subject: [PATCH 1/2] voutf: fix bad arethmetic when outputting warnings to
|
|
|
b91d92 |
stderr
|
|
|
b91d92 |
|
|
|
b91d92 |
CVE-2018-16842
|
|
|
b91d92 |
Reported-by: Brian Carpenter
|
|
|
b91d92 |
Bug: https://curl.haxx.se/docs/CVE-2018-16842.html
|
|
|
b91d92 |
|
|
|
b91d92 |
Upstream-commit: d530e92f59ae9bb2d47066c3c460b25d2ffeb211
|
|
|
b91d92 |
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
|
|
b91d92 |
---
|
|
|
b91d92 |
src/tool_msgs.c | 2 +-
|
|
|
b91d92 |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
b91d92 |
|
|
|
b91d92 |
diff --git a/src/tool_msgs.c b/src/tool_msgs.c
|
|
|
b91d92 |
index 9cce806..05bec39 100644
|
|
|
b91d92 |
--- a/src/tool_msgs.c
|
|
|
b91d92 |
+++ b/src/tool_msgs.c
|
|
|
b91d92 |
@@ -67,7 +67,7 @@ static void voutf(struct GlobalConfig *config,
|
|
|
b91d92 |
(void)fwrite(ptr, cut + 1, 1, config->errors);
|
|
|
b91d92 |
fputs("\n", config->errors);
|
|
|
b91d92 |
ptr += cut + 1; /* skip the space too */
|
|
|
b91d92 |
- len -= cut;
|
|
|
b91d92 |
+ len -= cut + 1;
|
|
|
b91d92 |
}
|
|
|
b91d92 |
else {
|
|
|
b91d92 |
fputs(ptr, config->errors);
|
|
|
b91d92 |
--
|
|
|
b91d92 |
2.17.2
|
|
|
b91d92 |
|
|
|
b91d92 |
|
|
|
b91d92 |
From 23f8c641b02e6c302d0e8cc5a5ee225a33b01f28 Mon Sep 17 00:00:00 2001
|
|
|
b91d92 |
From: Daniel Stenberg <daniel@haxx.se>
|
|
|
b91d92 |
Date: Sun, 28 Oct 2018 10:43:57 +0100
|
|
|
b91d92 |
Subject: [PATCH 2/2] test2080: verify the fix for CVE-2018-16842
|
|
|
b91d92 |
|
|
|
b91d92 |
Upstream-commit: 350306e4726b71b5b386fc30e3fecc039a807157
|
|
|
b91d92 |
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
|
|
b91d92 |
---
|
|
|
b91d92 |
tests/data/Makefile.inc | 4 ++--
|
|
|
b91d92 |
tests/data/test2080 | Bin 0 -> 20659 bytes
|
|
|
b91d92 |
2 files changed, 2 insertions(+), 2 deletions(-)
|
|
|
b91d92 |
create mode 100644 tests/data/test2080
|
|
|
b91d92 |
|
|
|
b91d92 |
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
|
|
|
b91d92 |
index e045748..aa5fff0 100644
|
|
|
b91d92 |
--- a/tests/data/Makefile.inc
|
|
|
b91d92 |
+++ b/tests/data/Makefile.inc
|
|
|
b91d92 |
@@ -198,7 +198,7 @@ test2048 test2049 test2050 test2051 test2052 test2053 test2054 test2055 \
|
|
|
b91d92 |
test2056 test2057 test2058 test2059 test2060 test2061 test2062 test2063 \
|
|
|
b91d92 |
test2064 test2065 test2066 test2067 test2068 test2069 \
|
|
|
b91d92 |
\
|
|
|
b91d92 |
-test2070 test2071 test2072 test2073 \
|
|
|
b91d92 |
-test2074 test2075 \
|
|
|
b91d92 |
+test2070 test2071 test2072 test2073 test2074 test2075 \
|
|
|
b91d92 |
+test2080 \
|
|
|
b91d92 |
\
|
|
|
b91d92 |
test3000 test3001
|
|
|
b91d92 |
diff --git a/tests/data/test2080 b/tests/data/test2080
|
|
|
b91d92 |
new file mode 100644
|
|
|
b91d92 |
index 0000000000000000000000000000000000000000..47e376ecb5d7879c0a98e392bff48ccc52e9db0a
|
|
|
b91d92 |
GIT binary patch
|
|
|
b91d92 |
literal 20659
|
|
|
b91d92 |
zcmeI)Pj3@35QkyT{uI*`iBshYE(n>u@JB+F3kdG+t~asjwJY0gl}``eO+)FONU8ef
|
|
|
b91d92 |
zl6Ca+%<OZ|nCeRHZE>A4K8~q<UAgUD%0ubY=PwtZRG;GL*UIRJ-;Lfy)u}p_A1>dz
|
|
|
b91d92 |
zd{+G6l*#ToY+DU||F9%J1n*+KPxQ;7MapuoQ!&MMQSXmpqMh0_yS6g=;N;HNjilBk
|
|
|
b91d92 |
zY$c?)mULZxib{;$g~jw~nrs|8b@sJI)_QmS_4(WLrNld}2Y0LEO$e>m->_NA&o$n!
|
|
|
b91d92 |
z9^YDZ>cvMs2q1s}0tg_000PG)@a?$9VHyMwKmY**5I_I{1Q0m1z~!MEP#*yV5I_I{
|
|
|
b91d92 |
z1Q0*~0R#|0009ILKmY**4ldvh-hl=PAb
|
|
|
b91d92 |
z2q1s}0tg_0z|jf3Ji3V(2mu5TK;StGoIK~3=iL!N0D=D{@VjlsoA=?(>-+Xw`j-8D
|
|
|
b91d92 |
zzg+g?Rt8(G*s;1Sb>n1S94H%G
|
|
|
b91d92 |
jB)+~1L0rx$OS-AbERTH}TH`mZ^*=|W_vMU!*i-li)g+9V
|
|
|
b91d92 |
|
|
|
b91d92 |
literal 0
|
|
|
b91d92 |
HcmV?d00001
|
|
|
b91d92 |
|
|
|
b91d92 |
--
|
|
|
b91d92 |
2.17.2
|
|
|
b91d92 |
|