Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP3:Update
libXfont.5549
u_Check-for-end-of-string-in-PatterMatch.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File u_Check-for-end-of-string-in-PatterMatch.patch of Package libXfont.5549
Path-Mainline: To be upstreamed Author: Michal Srb <msrb@suse.com> Subject: Check for end of string in PatterMatch. References: bnc#1054285 CVE-2017-13720 If a pattern contains '?' character, any character in the string was skipped, even if it was '\0'. The rest of the matching would read invalid memory. Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net> --- src/fontfile/fontdir.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) Index: libXfont-1.5.1/src/fontfile/fontdir.c =================================================================== --- libXfont-1.5.1.orig/src/fontfile/fontdir.c +++ libXfont-1.5.1/src/fontfile/fontdir.c @@ -399,8 +399,10 @@ PatternMatch(char *pat, int patdashes, c } } case '?': - if (*string++ == XK_minus) + if ((t = *string++) == XK_minus) stringdashes--; + if (!t) + return 0; break; case '\0': return (*string == '\0');
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor