forked from brl/citadel
47 lines
1.3 KiB
Plaintext
47 lines
1.3 KiB
Plaintext
|
From 954e3d2e7113e9ac06632aee3c69b8d818cc8952 Mon Sep 17 00:00:00 2001
|
||
|
From: Tomas Mraz <tmraz@fedoraproject.org>
|
||
|
Date: Fri, 31 Mar 2017 16:25:06 +0200
|
||
|
Subject: [PATCH] Fix buffer overflow if NULL line is present in db.
|
||
|
|
||
|
If ptr->line == NULL for an entry, the first cycle will exit,
|
||
|
but the second one will happily write past entries buffer.
|
||
|
We actually do not want to exit the first cycle prematurely
|
||
|
on ptr->line == NULL.
|
||
|
Signed-off-by: Tomas Mraz <tmraz@fedoraproject.org>
|
||
|
|
||
|
CVE: CVE-2017-12424
|
||
|
Upstream-Status: Backport
|
||
|
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
|
||
|
---
|
||
|
lib/commonio.c | 8 ++++----
|
||
|
1 file changed, 4 insertions(+), 4 deletions(-)
|
||
|
|
||
|
diff --git a/lib/commonio.c b/lib/commonio.c
|
||
|
index b10da06..31edbaa 100644
|
||
|
--- a/lib/commonio.c
|
||
|
+++ b/lib/commonio.c
|
||
|
@@ -751,16 +751,16 @@ commonio_sort (struct commonio_db *db, int (*cmp) (const void *, const void *))
|
||
|
for (ptr = db->head;
|
||
|
(NULL != ptr)
|
||
|
#if KEEP_NIS_AT_END
|
||
|
- && (NULL != ptr->line)
|
||
|
- && ( ('+' != ptr->line[0])
|
||
|
- && ('-' != ptr->line[0]))
|
||
|
+ && ((NULL == ptr->line)
|
||
|
+ || (('+' != ptr->line[0])
|
||
|
+ && ('-' != ptr->line[0])))
|
||
|
#endif
|
||
|
;
|
||
|
ptr = ptr->next) {
|
||
|
n++;
|
||
|
}
|
||
|
#if KEEP_NIS_AT_END
|
||
|
- if ((NULL != ptr) && (NULL != ptr->line)) {
|
||
|
+ if (NULL != ptr) {
|
||
|
nis = ptr;
|
||
|
}
|
||
|
#endif
|
||
|
--
|
||
|
2.1.0
|
||
|
|