Changeset View
Changeset View
Standalone View
Standalone View
files/security/cve-2017-13720.patch
- This file was added.
| From d1e670a4a8704b8708e493ab6155589bcd570608 Mon Sep 17 00:00:00 2001 | |||||
| From: Michal Srb <msrb@suse.com> | |||||
| Date: Thu, 20 Jul 2017 13:38:53 +0200 | |||||
| Subject: Check for end of string in PatternMatch (CVE-2017-13720) | |||||
| If a pattern contains '?' character, any character in the string is skipped, | |||||
| even if it is '\0'. The rest of the matching then reads invalid memory. | |||||
| Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net> | |||||
| Signed-off-by: Julien Cristau <jcristau@debian.org> | |||||
| diff --git a/src/fontfile/fontdir.c b/src/fontfile/fontdir.c | |||||
| index 4ce2473..996b7d1 100644 | |||||
| --- a/src/fontfile/fontdir.c | |||||
| +++ b/src/fontfile/fontdir.c | |||||
| @@ -400,8 +400,10 @@ PatternMatch(char *pat, int patdashes, char *string, int stringdashes) | |||||
| } | |||||
| } | |||||
| case '?': | |||||
| - if (*string++ == XK_minus) | |||||
| + if ((t = *string++) == XK_minus) | |||||
| stringdashes--; | |||||
| + if (!t) | |||||
| + return 0; | |||||
| break; | |||||
| case '\0': | |||||
| return (*string == '\0'); | |||||
| -- | |||||
| cgit v0.10.2 | |||||
Copyright © 2015-2021 Solus Project. The Solus logo is Copyright © 2016-2021 Solus Project. All Rights Reserved.