From 7f28151c0b6bca5cb60f56e9a17ccb2fd9665269 Mon Sep 17 00:00:00 2001
From: Oliver Kiddle <okiddle@yahoo.co.uk>
Date: Sat, 7 Apr 2018 18:28:38 +0200
Subject: [PATCH] 42607, CVE-2018-1100: check bounds on buffer in mail checking
Upstream-commit: 31f72205630687c1cef89347863aab355296a27f
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
Src/utils.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/Src/utils.c b/Src/utils.c
index c6eba63..41ec45c 100644
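--- a/Src/utils.c
+++ b/Src/utils.c
@@ -1414,7 +1414,7 @@ checkmailpath(char **s)
 LinkList l;
 DIR *lock = opendir(unmeta(*s));
 char buf[PATH_MAX * 2], **arr, **ap;
- int ct = 1;
+ int buflen, ct = 1;
 
 if (lock) {
 char *fn;
@@ -1423,9 +1423,11 @@ checkmailpath(char **s)
 l = newlinklist();
 while ((fn = zreaddir(lock, 1)) && !errflag) {
 if (u)
- sprintf(buf, "%s/%s?%s", *s, fn, u);
+ buflen = snprintf(buf, sizeof(buf), "%s/%s?%s", *s, fn, u);
 else
- sprintf(buf, "%s/%s", *s, fn);
+ buflen = snprintf(buf, sizeof(buf), "%s/%s", *s, fn);
+ if (buflen < 0 || buflen >= (int)sizeof(buf))
+ continue;
 addlinknode(l, dupstring(buf));
 ct++;
 }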
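Review bot: In the second hunk the new `if (buflen < 0 || buflen >= (int)sizeof(buf)) continue;` drops an over-long entry without any trace, so a mailbox whose path does not fit in `buf` simply stops being checked and nothing tells the user or the next reader why. Treating truncation as a failure rather than passing a cut-off path on is the right call for this fix; I would add a comment above the check, `/* formatted path did not fit in buf: skip the entry rather than use a truncated name */`, and consider emitting a warning at that point. `buflen` is only needed inside the `while` body, so it could be declared there instead of next to `ct` in the first hunk. checkmailpath starts and ends outside both hunks, so any later use of `buf` is not visible here.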
--
2.14.3