File CVE-2021-32765.patch of Package hiredis
From: Andreas Stieger <andreas.stieger@gmx.de>
Date: Tue, 23 Nov 2021 22:32:06 +0100
Subject: Fix for integer/buffer overflow CVE-2021-32765
References: https://bugzilla.opensuse.org/show_bug.cgi?id=1191331 https://github.com/redis/hiredis/security/advisories/GHSA-hfm9-39pp-55p2
Index: hiredis-0.13.3/hiredis.c
===================================================================
--- hiredis-0.13.3.orig/hiredis.c
+++ hiredis-0.13.3/hiredis.c
@@ -45,7 +45,7 @@
 static redisReply *createReplyObject(int type);
 static void *createStringObject(const redisReadTask *task, char *str, size_t len);
-static void *createArrayObject(const redisReadTask *task, int elements);
+static void *createArrayObject(const redisReadTask *task, size_t elements);
 static void *createIntegerObject(const redisReadTask *task, long long value);
 static void *createNilObject(const redisReadTask *task);
@@ -131,7 +131,7 @@ static void *createStringObject(const re
 return r;
 }
-static void *createArrayObject(const redisReadTask *task, int elements) {
+static void *createArrayObject(const redisReadTask *task, size_t elements) {
 redisReply *r, *parent;
 r = createReplyObject(REDIS_REPLY_ARRAY);
@@ -139,6 +139,7 @@ static void *createArrayObject(const red
 return NULL;
 if (elements > 0) {
+ if (SIZE_MAX / sizeof(redisReply*) < elements) return NULL; /* Don't overflow */
 r->element = calloc(elements,sizeof(redisReply*));
 if (r->element == NULL) {
 freeReplyObject(r);
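Review bot: The overflow guard added in the third hunk returns NULL without releasing `r`, which `createReplyObject(REDIS_REPLY_ARRAY)` allocated a few lines earlier; the calloc-failure path directly below calls `freeReplyObject(r)` first, so every array rejected for an oversized element count leaks one reply object. The guard should follow the same pattern: `if (SIZE_MAX / sizeof(redisReply*) < elements) { freeReplyObject(r); return NULL; }`. Separately, the patch as shown touches only hiredis.c, so it is worth confirming that the reader-side callback type and the caller that supplies `elements` were widened to `size_t` as well; if the count still passes through an `int`, it is truncated before this check sees it. The body of createArrayObject continues past the end of the hunk.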