svn commit: r357213 - stable/12/lib/libfetch

Tue, 28 Jan 2020 10:41:20 -0800 

Author: gordon
Date: Tue Jan 28 18:40:55 2020
New Revision: 357213
URL: https://svnweb.freebsd.org/changeset/base/357213

Log:
  MFC 357212.
  
  Fix urldecode buffer overrun.
  
  Reported by:  Duncan Overbruck
  Approved by:  so
  Security:     FreeBSD-SA-20:01.libfetch
  Security:     CVE-2020-7450

Modified:
  stable/12/lib/libfetch/fetch.c
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/lib/libfetch/fetch.c
==============================================================================
--- stable/12/lib/libfetch/fetch.c      Tue Jan 28 18:37:18 2020        
(r357212)
+++ stable/12/lib/libfetch/fetch.c      Tue Jan 28 18:40:55 2020        
(r357213)
@@ -330,6 +330,8 @@ fetch_pctdecode(char *dst, const char *src, size_t dle
                }
                if (dlen-- > 0)
                        *dst++ = c;
+               else
+                       return (NULL);
        }
        return (s);
 }
@@ -377,11 +379,15 @@ fetchParseURL(const char *URL)
        if (p && *p == '@') {
                /* username */
                q = fetch_pctdecode(u->user, URL, URL_USERLEN);
+               if (q == NULL)
+                       goto ouch;
 
                /* password */
-               if (*q == ':')
+               if (*q == ':') {
                        q = fetch_pctdecode(u->pwd, q + 1, URL_PWDLEN);
-
+                       if (q == NULL)
+                               goto ouch;
+               }
                p++;
        } else {
                p = URL;
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "[email protected]"

Reply via email to