[GNUnet-SVN] [libextractor] 08/27: fix potential buffer underflow read i
From: gnunet
Subject: [GNUnet-SVN] [libextractor] 08/27: fix potential buffer underflow read in deb_extractor
Date: Sun, 15 Oct 2017 21:34:32 +0200
This is an automated email from the git hooks/post-receive script.
grothoff pushed a commit to branch master
in repository libextractor.
commit 71aa4223b2770a9243ddc86457bcd2fdcf47d922
Author: Christian Grothoff <address@hidden>
AuthorDate: Sun Oct 15 19:59:51 2017 +0200
fix potential buffer underflow read in deb_extractor
---
ChangeLog | 3 ++-
src/plugins/deb_extractor.c | 6 +++++-
2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 82c4262b..1a2fb983 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,7 +3,8 @@ Sun Oct 15 19:36:41 CEST 2017
Fix potential assign-after-free (on IPC error handling path).
Make sure to only pass "unsigned char" to functions like isspace().
Avoid malloc(0) in DEB extractor under certain conditions.
- Properly initialize 'duration' in ffmpeg extractor. -CG
+ Properly initialize 'duration' in ffmpeg extractor.
+ Fix potential buffer underflow read in DEB extractor. -CG
Fri Oct 13 12:30:37 CEST 2017
Properly check read error in NSF plugin (from signedness confusion)
found by Leon Zhao. -CG
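Review bot: The new ChangeLog line "Fix potential buffer underflow read in DEB extractor." does not say which code path or input is affected, which makes it hard for packagers to judge whether they need the fix. Consider naming the function and condition, for example that processControlTGZ now rejects control data shorter than 4 bytes.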
diff --git a/src/plugins/deb_extractor.c b/src/plugins/deb_extractor.c
index afbe8bb5..2eb00280 100644
--- a/src/plugins/deb_extractor.c
+++ b/src/plugins/deb_extractor.c
@@ -365,6 +365,8 @@ processControlTGZ (struct EXTRACTOR_ExtractContext *ec,
return 0;
if (0 == size)
return 0;
+ if (size < 4)
+ return 0;
if (NULL == (cdata = malloc (size)))
return 0;
off = 0;
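Review bot: The added `if (size < 4) return 0;` makes the `if (0 == size) return 0;` directly above it redundant, and the constant 4 is unexplained at the point where it appears. Fold the two checks into one and add a short comment saying that the last four bytes of the buffer are read further down as `cdata[size - 4]` through `cdata[size - 1]`, so anything shorter would index before the start of the allocation.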
@@ -375,7 +377,9 @@ processControlTGZ (struct EXTRACTOR_ExtractContext *ec,
free (cdata);
return 0;
}
- memcpy (&cdata[off], data, sret);
+ memcpy (&cdata[off],
+ data,
+ sret);
off += sret;
}
bufSize = cdata[size - 4] + (cdata[size - 3] << 8) + (cdata[size - 2] << 16)
+ (cdata[size - 1] << 24);
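Review bot: The only change in this hunk is re-wrapping the `memcpy (&cdata[off], data, sret);` call across three lines, which has no effect on behaviour and would be better kept out of a security fix so the functional change is easy to audit and backport. Two things in the surrounding lines deserve a follow-up. The visible lines show no check that `off + sret` stays within `size` before the copy, so that bound should be confirmed or asserted in the loop. In the `bufSize` computation, each byte is promoted to int before shifting, so `cdata[size - 1] << 24` shifts into the sign bit when the top byte is 0x80 or larger; cast each operand to `uint32_t` before the shift, and treat the resulting `bufSize` as untrusted input from the file.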