On 2017-10-01, Jeremie Courreges-Anglas <[email protected]> wrote: > --- /dev/null 1 Jan 1970 00:00:00 -0000 > +++ devel/libidn/patches/patch-lib_punycode_c 1 Oct 2017 22:06:28 -0000 > @@ -0,0 +1,27 @@ > +$OpenBSD$ > + > +commit e9e81b8063b095b02cf104bb992fa9bf9515b9d8 > +Author: Tim Rühsen <[email protected]> > +Date: Fri Sep 1 10:04:48 2017 +0200 > + > + lib/punycode.c (decode_digit): Fix integer overflow > + > + This fix is a backport from libidn2 and addresses > + CVE-2017-14062. > + > +Index: lib/punycode.c > +--- lib/punycode.c.orig > ++++ lib/punycode.c > +@@ -88,10 +88,10 @@ enum > + /* point (for use in representing integers) in the range 0 to */ > + /* base-1, or base if cp does not represent a value. */ > + > +-static punycode_uint > ++static unsigned > + decode_digit (punycode_uint cp) > + { > +- return cp - 48 < 10 ? cp - 22 : cp - 65 < 26 ? cp - 65 : > ++ return (unsigned) cp - 48 < 10 ? cp - 22 : cp - 65 < 26 ? cp - 65 : > + cp - 97 < 26 ? cp - 97 : base; > + } > +
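Review bot: the `(unsigned)` cast in the `decode_digit` hunk is applied only to the first comparison, `(unsigned) cp - 48 < 10`; the `cp - 65 < 26` and `cp - 97 < 26` comparisons and the returned values `cp - 22`, `cp - 65`, `cp - 97` are left as they were. If the cast is meant to make the subtraction wrap to a large value instead of going negative for a small `cp`, the other two comparisons need the same treatment; if `punycode_uint` is already an unsigned type (check the typedef), the cast changes nothing and the hunk's only effective change is the return type going from `punycode_uint` to `unsigned`, which is hard to square with the commit message's "Fix integer overflow". The header presents this as the change from commit e9e81b8063b095b02cf104bb992fa9bf9515b9d8, so the hunk should be diffed against that commit before it is committed, and the return type should stay consistent with the `punycode_uint` that callers accumulate the digit into unless the upstream change also alters it.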
This is twice wrong. It's different from the actual change in the referenced commit, and both are different from the libidn2 change.

-- 
Christian "naddy" Weisgerber [email protected]
