Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:Update
libplist.4095
0020-Prevent-OOB-read-when-parsing-data-string-...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0020-Prevent-OOB-read-when-parsing-data-string-array-dict-size-nodes.patch of Package libplist.4095
From fc047e6de9d7afa3b168fd2c4d1d0884788e7086 Mon Sep 17 00:00:00 2001 From: Nikias Bassen <nikias@gmx.li> Date: Fri, 3 Feb 2017 23:33:07 +0100 Subject: [PATCH] bplist: Prevent OOB read when parsing data/string/array/dict size nodes As reported in #91, the code that will read the big endian integer value of variable size did not check if the actual number of bytes is still withing the range of the actual plist data. This commit fixes the issue with proper bounds checking. --- src/bplist.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/bplist.c b/src/bplist.c index 1a40556..0cfe5fe 100644 --- a/src/bplist.c +++ b/src/bplist.c @@ -530,6 +530,8 @@ static plist_t parse_bin_node(struct bplist_data *bplist, const char** object) return NULL; (*object)++; next_size = 1 << next_size; + if (*object + next_size >= bplist->data + bplist->size) + return NULL; size = UINT_TO_HOST(*object, next_size); (*object) += next_size; break;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor