Merge pull request #17114 from paper42/cve-2019-19906-19
[19.07] cyrus-sasl: patch CVE-2019-19906
This commit is contained in:
Josef Schlehofer
GitHub
commit
020756ecc2
2 changed files with 24 additions and 1 deletions
|
|
@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
|
|||
|
||||
PKG_NAME:=cyrus-sasl
|
||||
PKG_VERSION:=2.1.27
|
||||
PKG_RELEASE:=1
|
||||
PKG_RELEASE:=2
|
||||
|
||||
PKG_MAINTAINER:=W. Michael Petullo <mike@flyn.org>
|
||||
|
||||
|
|
|
|||
23
libs/cyrus-sasl/patches/CVE-2019-19906.patch
Normal file
23
libs/cyrus-sasl/patches/CVE-2019-19906.patch
Normal file
|
|
@ -0,0 +1,23 @@
|
|||
From dcc9f51cbd4ed622cfb0f9b1c141eb2ffe3b12f1 Mon Sep 17 00:00:00 2001
|
||||
From: Quanah Gibson-Mount <quanah@symas.com>
|
||||
Date: Tue, 18 Feb 2020 19:05:12 +0000
|
||||
Subject: [PATCH] Fix #587
|
||||
|
||||
Off by one error in common.c, CVE-2019-19906.
|
||||
|
||||
Thanks to Stephan Zeisberg for reporting
|
||||
---
|
||||
lib/common.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
--- a/lib/common.c
|
||||
+++ b/lib/common.c
|
||||
@@ -190,7 +190,7 @@ int _sasl_add_string(char **out, size_t
|
||||
|
||||
if (add==NULL) add = "(null)";
|
||||
|
||||
- addlen=strlen(add); /* only compute once */
|
||||
+ addlen=strlen(add)+1; /* only compute once */
|
||||
if (_buf_alloc(out, alloclen, (*outlen)+addlen)!=SASL_OK)
|
||||
return SASL_NOMEM;
|
||||
|
||||
Loading…
Reference in a new issue