File curl-CVE-2016-8617.patch of Package curl.openSUSE_Leap_42.3_Update
From 32ae8ba41b5dbf26dabe884ac4aa12597d1d96b9 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Wed, 28 Sep 2016 00:05:12 +0200
Subject: [PATCH] base64: check for integer overflow on large input
---
lib/base64.c | 5 +++++
1 file changed, 5 insertions(+)
Index: curl-7.37.0/lib/base64.c
===================================================================
--- curl-7.37.0.orig/lib/base64.c 2014-04-25 14:01:03.000000000 +0200
+++ curl-7.37.0/lib/base64.c 2016-10-20 15:05:39.902762057 +0200
@@ -205,6 +205,11 @@ CURLcode Curl_base64_encode(struct Sessi
if(0 == insize)
insize = strlen(indata);
+#if SIZEOF_SIZE_T == 4
+ if(insize > UINT_MAX/4)
+ return CURLE_OUT_OF_MEMORY;
+#endif
+
base64data = output = malloc(insize*4/3+4);
if(NULL == output)
return CURLE_OUT_OF_MEMORY;