Projects
openEuler:24.03:SP1:Everything
byacc
_service:tar_scm:CVE-2021-33642.patch
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:tar_scm:CVE-2021-33642.patch of Package byacc
From ab5ee87cbbe1b94a45d5c7974b321e2ee78d1238 Mon Sep 17 00:00:00 2001 From: zhoupengcheng <zhoupengcheng11@huawei.com> Date: Sat, 26 Nov 2022 18:27:48 +0800 Subject: [PATCH] fix CVE-2021-33642 next_inline() return EOF cause infinite loop in more_curly(), Add EOF case in more_curly(), don't allow multiple line. --- reader.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/reader.c b/reader.c index 2a1dfe5..6a9bb7c 100644 --- a/reader.c +++ b/reader.c @@ -1030,8 +1030,10 @@ more_curly(void) int result = 0; int finish = 0; + int c; FILE *f = input_file; long int old_pos = ftell(f); + long int new_pos = old_pos; int save_linesize = linesize; char *save_line = TMALLOC(char, linesize); NO_SPACE(save_line); @@ -1039,7 +1041,13 @@ more_curly(void) memcpy(save_line, line, linesize); do { - switch (next_inline()) + c = next_inline(); + // Don't allow multiple line, so we use file position to check + // Only get_line() will move file postion forward + new_pos = ftell(f); + if (c == (EOF) || old_pos != new_pos) + break; + switch (c) { case 0: case '\n': -- 2.27.0
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2