[Midnightbsd-cvs] src [12295] stable/1.2/lib/libfetch/fetch.c: fix a buffer overflow in libfetch
laffer1 at midnightbsd.org
laffer1 at midnightbsd.org
Tue Jan 28 15:47:10 EST 2020
Revision: 12295
http://svnweb.midnightbsd.org/src/?rev=12295
Author: laffer1
Date: 2020-01-28 15:47:09 -0500 (Tue, 28 Jan 2020)
Log Message:
-----------
fix a buffer overflow in libfetch
Modified Paths:
--------------
stable/1.2/lib/libfetch/fetch.c
Modified: stable/1.2/lib/libfetch/fetch.c
===================================================================
--- stable/1.2/lib/libfetch/fetch.c 2020-01-28 20:46:46 UTC (rev 12294)
+++ stable/1.2/lib/libfetch/fetch.c 2020-01-28 20:47:09 UTC (rev 12295)
@@ -329,6 +329,8 @@
}
if (dlen-- > 0)
*dst++ = c;
+ else
+ return (NULL);
}
return (s);
}
@@ -376,11 +378,15 @@
if (p && *p == '@') {
/* username */
q = fetch_pctdecode(u->user, URL, URL_USERLEN);
+ if (q == NULL)
+ goto ouch;
/* password */
- if (*q == ':')
+ if (*q == ':') {
q = fetch_pctdecode(u->pwd, q + 1, URL_PWDLEN);
-
+ if (q == NULL)
+ goto ouch;
+ }
p++;
} else {
p = URL;
More information about the Midnightbsd-cvs
mailing list