File netatalk-CVE-2022-45188.patch of Package netatalk.30708

Overview Repositories Revisions Requests Users Attributes Meta

File netatalk-CVE-2022-45188.patch of Package netatalk.30708

Index: netatalk-3.1.0/etc/afpd/appl.c
===================================================================
--- netatalk-3.1.0.orig/etc/afpd/appl.c
+++ netatalk-3.1.0/etc/afpd/appl.c
@@ -419,6 +419,10 @@ int afp_getappl(AFPObj *obj, char *ibuf,
         memcpy( &len, p, sizeof( len ));
         len = ntohs( len );
         p += sizeof( u_short );
+        if ( len > sizeof(obj->oldtmp) - (p - buf) ) {
+            *rbuflen = 0;
+            return( AFPERR_NOITEM );
+        }
         if (( cc = read( sa.sdt_fd, p, len )) < len ) {
             break;
         }
@@ -447,11 +451,16 @@ int afp_getappl(AFPObj *obj, char *ibuf,
         char		*u, *m;
         int		i, h;
 
+        if ( len > sizeof(utomname) ) {
+            *rbuflen = 0;
+            return( AFPERR_NOITEM );
+        }
+
         u = p;
         m = utomname;
         i = len;
         while ( i ) {
-            if ( *u == ':' && *(u+1) != '\0' && islxdigit( *(u+1)) &&
+            if ( i >= 3 && i + 2 < len && *u == ':' && *(u+1) != '\0' && islxdigit( *(u+1)) &&
                     *(u+2) != '\0' && islxdigit( *(u+2))) {
                 ++u, --i;
                 h = hextoint( *u ) << 4;

Places

File netatalk-CVE-2022-45188.patch of Package netatalk.30708

Places