diff options
Diffstat (limited to 'meta/recipes-extended/unzip/unzip/CVE-2022-0529.patch')
-rw-r--r-- | meta/recipes-extended/unzip/unzip/CVE-2022-0529.patch | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/meta/recipes-extended/unzip/unzip/CVE-2022-0529.patch b/meta/recipes-extended/unzip/unzip/CVE-2022-0529.patch new file mode 100644 index 0000000000..1c1e120deb --- /dev/null +++ b/meta/recipes-extended/unzip/unzip/CVE-2022-0529.patch @@ -0,0 +1,39 @@ +https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010355 + +CVE: CVE-2022-0529 +Upstream-Status: Inactive-Upstream [need a new release] + +diff --git a/process.c b/process.c +index d2a846e..99b9c7b 100644 +--- a/process.c ++++ b/process.c +@@ -2507,13 +2507,15 @@ char *wide_to_local_string(wide_string, escape_all) + char buf[9]; + char *buffer = NULL; + char *local_string = NULL; ++ size_t buffer_size; + + for (wsize = 0; wide_string[wsize]; wsize++) ; + + if (max_bytes < MAX_ESCAPE_BYTES) + max_bytes = MAX_ESCAPE_BYTES; + +- if ((buffer = (char *)malloc(wsize * max_bytes + 1)) == NULL) { ++ buffer_size = wsize * max_bytes + 1; ++ if ((buffer = (char *)malloc(buffer_size)) == NULL) { + return NULL; + } + +@@ -2552,7 +2554,11 @@ char *wide_to_local_string(wide_string, escape_all) + /* no MB for this wide */ + /* use escape for wide character */ + char *escape_string = wide_to_escape_string(wide_string[i]); +- strcat(buffer, escape_string); ++ size_t buffer_len = strlen(buffer); ++ size_t escape_string_len = strlen(escape_string); ++ if (buffer_len + escape_string_len + 1 > buffer_size) ++ escape_string_len = buffer_size - buffer_len - 1; ++ strncat(buffer, escape_string, escape_string_len); + free(escape_string); + } + } |