Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP5:Update
mercurial.7061
hg-CVE-2016-3630-parsers_detect_short_records.p...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File hg-CVE-2016-3630-parsers_detect_short_records.patch of Package mercurial.7061
# HG changeset patch # User Matt Mackall <mpm@selenic.com> # Date 1458174626 25200 # Wed Mar 16 17:30:26 2016 -0700 # Branch stable # Node ID b9714d958e89cd6ff1da46b46f39076c03325ac7 # Parent b6ed2505d6cf1d73f7f5c62e7369c4ce65cd3732 parsers: detect short records (SEC) CVE-2016-3630 (2/2) This addresses part of a vulnerability in binary delta application. --- mercurial/mpatch.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/mercurial/mpatch.c +++ b/mercurial/mpatch.c @@ -215,10 +215,10 @@ static struct flist *decode(const char * lt->start = getbe32(bin + pos); lt->end = getbe32(bin + pos + 4); lt->len = getbe32(bin + pos + 8); - if (lt->start > lt->end) - break; /* sanity check */ lt->data = bin + pos + 12; pos += 12 + lt->len; + if (lt->start > lt->end || lt->len < 0) + break; /* sanity check */ lt++; }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor