Projects
openEuler:24.03:SP1:Everything
byacc
_service:tar_scm:CVE-2021-33641.patch
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:tar_scm:CVE-2021-33641.patch of Package byacc
From 162549f599c4460bcefc1526cfa014fec626ebc5 Mon Sep 17 00:00:00 2001 From: zhoupengcheng <zhoupengcheng11@huawei.com> Date: Sat, 26 Nov 2022 18:27:48 +0800 Subject: [PATCH] fix CVE-2021-33641 the global variable:cptr use-after-free in more_curly(), save original line in more_curly() in case get new line to fix CVE-2021-33641. --- reader.c | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/reader.c b/reader.c index 37dc2cb..2a1dfe5 100644 --- a/reader.c +++ b/reader.c @@ -1027,9 +1027,16 @@ trim_blanks(char *buffer) static int more_curly(void) { - char *save = cptr; + int result = 0; int finish = 0; + FILE *f = input_file; + long int old_pos = ftell(f); + int save_linesize = linesize; + char *save_line = TMALLOC(char, linesize); + NO_SPACE(save_line); + char *save_cptr = save_line + (cptr - line); + memcpy(save_line, line, linesize); do { switch (next_inline()) @@ -1046,7 +1053,15 @@ more_curly(void) ++cptr; } while (!finish); - cptr = save; + + // in case of next_inline malloc new line space + free(line); + cptr = save_cptr; + line = save_line; + linesize = save_linesize; + // Since get_line also move the postion in file forward + // we need to move it back + fseek(f, old_pos, SEEK_SET); return result; } -- 2.27.0
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2