Difuse/packages
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
packages/utils/lrzsz/patches/002-may-be-security-fix-avoid-possible-underflow.patch

29 lines
742 B
Diff
Raw Normal View History

lrzsz: update to v0.12.21rc and fix a CVE This updates to v0.12.21rc from 1999 (sic), which was never officially released. There're fixes in there, and it's what debian ships, so let's use that too. While at it, use debian's autohell hack and package description too. Patch 1 fixes a hang with musl. Patch 2 fixes CVE-2018-10195, add PKG_CPE_ID while at it. Refesh the rest. Fixes: CVE-2018-10195 Signed-off-by: Andre Heider <a.heider@gmail.com>
2023-01-14 10:40:39 +00:00
From a7c525191aa725f4ebb7b489cdd7dd854a4e42fb Mon Sep 17 00:00:00 2001
From: Uwe Ohse <uwe@ohse.de>
Date: Sun, 1 Mar 2020 22:35:28 +0000
Subject: [PATCH] may-be-security-fix: avoid possible underflow
Fixes: CVE-2018-10195
[a.heider: mention CVE in commit message]
---
src/zm.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/src/zm.c
+++ b/src/zm.c
@@ -432,10 +432,11 @@ zsdata(const char *buf, size_t length, i
VPRINTF(3,("zsdata: %lu %s", (unsigned long) length,
Zendnames[(frameend-ZCRCE)&3]));
crc = 0;
- do {
+ while (length>0) {
zsendline(*buf); crc = updcrc((0377 & *buf), crc);
buf++;
- } while (--length>0);
+ length--;
+ }
xsendline(ZDLE); xsendline(frameend);
crc = updcrc(frameend, crc);
Reference in a new issue Copy permalink