File CVE-2018-20721.patch of Package uriparser

Date: Wed Jan 16 15:36:01 CET 2019
Ported from:

commit cef25028de5ff872c2e1f0a6c562eb3ea9ecbce4
Author: Sebastian Pipping <sebastian@pipping.org>
Date:   Sat Dec 8 18:44:11 2018 +0100

    Fix uriParse*Ex* out-of-bounds read

Index: uriparser-uriparser-0.8.5/src/UriParse.c
===================================================================
--- uriparser-uriparser-0.8.5.orig/src/UriParse.c
+++ uriparser-uriparser-0.8.5/src/UriParse.c
@@ -669,6 +669,11 @@ static const URI_CHAR * URI_FUNC(ParseIP
 					return NULL;
 				}
 				first++;
+
+				if (first >= afterLast) {
+					URI_FUNC(StopSyntax)(state, first);
+					return NULL;
+				}
 			}
 		} else {
 			/* Eat while no dot in sight */
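Review bot: The new `first >= afterLast` guard after `first++` has no comment explaining why it is needed. The `*Ex*` entry points take a `[first, afterLast)` range that need not be NUL-terminated, so the next read of `*first` must be bounded here. I would add `/* Range may be unterminated: never read *first at or past afterLast */` above the `if`. Note also that `StopSyntax` is called with `first == afterLast`, so the recorded error position can be one past the end of the input and callers must treat it as an offset, not something to dereference. The loop head and the `else` branch that starts at the end of this hunk lie outside the visible lines, so confirm that the "Eat while no dot in sight" path bounds its reads the same way.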
Index: uriparser-uriparser-0.8.5/test/test.cpp
===================================================================
--- uriparser-uriparser-0.8.5.orig/test/test.cpp
+++ uriparser-uriparser-0.8.5/test/test.cpp
@@ -304,6 +304,20 @@ Rule                                | Ex
 		URI_TEST_IP_SIX_FAIL("g:0:0:0:0:0:0");
 	}
 
+	void testIpSixOverread() {
+		UriParserStateStructA uri;
+		const char * errorPos;
+
+		// NOTE: This string is designed to not have a terminator
+		char uriText[2 + 3 + 2 + 1 + 1];
+		strncpy(uriText, "//[::44.1", sizeof(uriText));
+
+		TEST_ASSERT(URI_ERROR_SYNTAX ==
+			uriParseUriExA(&uri, uriText, uriText + sizeof(uriText)));
+		TEST_ASSERT(URI_ERROR_SYNTAX == uri.errorCode);
+		TEST_ASSERT(uri.errorPos == uriText + sizeof(uriText));
+	}
+
 	void testUri() {
 		UriParserStateA stateA;
 		UriParserStateW stateW;
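Review bot: In `testIpSixOverread` the parser state `uri` is passed to `uriParseUriExA` without its `uri` member ever being pointed at a `UriUriA`. As far as I know, the parser resets and fills the structure behind `state->uri`, so the test would write through an uninitialised pointer and could crash or pass by accident rather than exercise the overread fix. Declare a target and attach it before the call, e.g. `UriUriA parsed;` and `uri.uri = &parsed;`. The local `const char * errorPos;` is never used and can be dropped, since the assertions read `uri.errorPos`. A `memcpy` of the 9 bytes would state the "no terminator" intent more directly than `strncpy`, which newer compilers flag for truncation.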