rpms / squid

Clone
Source Code
GIT

Blame SOURCES/squid-3.5.20-CVE-2018-1000024.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8-beta-stream-4 c8-stream-4 c8s-stream-4 c9 c9-beta
  1.   e6ac7e82d29e1f4df90b7e7bafa389f9b9f67863
  2.   SOURCES
  3.   squid-3.5.20-CVE-2018-1000024.patch
Blob History Raw
e6ac7e 
commit eb2db98a676321b814fc4a51c4fb7928a8bb45d9 (refs/remotes/origin/v3.5)
e6ac7e 
Author: Amos Jeffries <yadij@users.noreply.github.com>
e6ac7e 
Date:   2018-01-19 13:54:14 +1300
e6ac7e
e6ac7e 
    ESI: make sure endofName never exceeds tagEnd (#130)
e6ac7e
e6ac7e 
diff --git a/src/esi/CustomParser.cc b/src/esi/CustomParser.cc
e6ac7e 
index d86d2d3..db634d9 100644
e6ac7e 
--- a/src/esi/CustomParser.cc
e6ac7e 
+++ b/src/esi/CustomParser.cc
e6ac7e 
@@ -121,7 +121,7 @@ ESICustomParser::parse(char const *dataToParse, size_t const lengthOfData, bool
e6ac7e
e6ac7e 
             char * endofName = strpbrk(const_cast<char *>(tag), w_space);
e6ac7e
e6ac7e 
-            if (endofName > tagEnd)
e6ac7e 
+            if (!endofName || endofName > tagEnd)
e6ac7e 
                 endofName = const_cast<char *>(tagEnd);
e6ac7e
e6ac7e 
             *endofName = '\0';
e6ac7e 
@@ -214,7 +214,7 @@ ESICustomParser::parse(char const *dataToParse, size_t const lengthOfData, bool
e6ac7e
e6ac7e 
             char * endofName = strpbrk(const_cast<char *>(tag), w_space);
e6ac7e
e6ac7e 
-            if (endofName > tagEnd)
e6ac7e 
+            if (!endofName || endofName > tagEnd)
e6ac7e 
                 endofName = const_cast<char *>(tagEnd);
e6ac7e
e6ac7e 
             *endofName = '\0';

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation