author | Yiteng Zhang <yiteng.zhang@oracle.com> |
Tue, 10 Jan 2017 17:35:21 -0800 | |
changeset 7552 | 17fdfad41903 |
permissions | -rw-r--r-- |
7552
17fdfad41903
25241371 problem in LIBRARY/CURL
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
1 |
From 3599341dd611303ee9544839d30f603f606d1082 Mon Sep 17 00:00:00 2001 |
17fdfad41903
25241371 problem in LIBRARY/CURL
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
2 |
From: Daniel Stenberg <[email protected]> |
17fdfad41903
25241371 problem in LIBRARY/CURL
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
3 |
Date: Wed, 28 Sep 2016 00:05:12 +0200 |
17fdfad41903
25241371 problem in LIBRARY/CURL
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
4 |
Subject: [PATCH] base64: check for integer overflow on large input |
17fdfad41903
25241371 problem in LIBRARY/CURL
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
5 |
|
17fdfad41903
25241371 problem in LIBRARY/CURL
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
6 |
CVE-2016-8617 |
17fdfad41903
25241371 problem in LIBRARY/CURL
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
7 |
|
17fdfad41903
25241371 problem in LIBRARY/CURL
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
8 |
Bug: https://curl.haxx.se/docs/adv_20161102C.html |
17fdfad41903
25241371 problem in LIBRARY/CURL
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
9 |
Reported-by: Cure53 |
17fdfad41903
25241371 problem in LIBRARY/CURL
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
10 |
--- |
17fdfad41903
25241371 problem in LIBRARY/CURL
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
11 |
lib/base64.c | 5 +++++ |
17fdfad41903
25241371 problem in LIBRARY/CURL
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
12 |
1 file changed, 5 insertions(+) |
17fdfad41903
25241371 problem in LIBRARY/CURL
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
13 |
|
17fdfad41903
25241371 problem in LIBRARY/CURL
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
14 |
--- lib/base64.c |
17fdfad41903
25241371 problem in LIBRARY/CURL
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
15 |
+++ lib/base64.c |
17fdfad41903
25241371 problem in LIBRARY/CURL
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
16 |
@@ -188,10 +188,15 @@ static CURLcode base64_encode(const char *table64, |
17fdfad41903
25241371 problem in LIBRARY/CURL
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
17 |
*outlen = 0; |
17fdfad41903
25241371 problem in LIBRARY/CURL
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
18 |
|
17fdfad41903
25241371 problem in LIBRARY/CURL
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
19 |
if(0 == insize) |
17fdfad41903
25241371 problem in LIBRARY/CURL
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
20 |
insize = strlen(indata); |
17fdfad41903
25241371 problem in LIBRARY/CURL
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
21 |
|
17fdfad41903
25241371 problem in LIBRARY/CURL
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
22 |
+#if SIZEOF_SIZE_T == 4 |
17fdfad41903
25241371 problem in LIBRARY/CURL
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
23 |
+ if(insize > UINT_MAX/4) |
17fdfad41903
25241371 problem in LIBRARY/CURL
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
24 |
+ return CURLE_OUT_OF_MEMORY; |
17fdfad41903
25241371 problem in LIBRARY/CURL
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
25 |
+#endif |
17fdfad41903
25241371 problem in LIBRARY/CURL
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
26 |
+ |
17fdfad41903
25241371 problem in LIBRARY/CURL
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
27 |
base64data = output = malloc(insize*4/3+4); |
17fdfad41903
25241371 problem in LIBRARY/CURL
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
28 |
if(NULL == output) |
17fdfad41903
25241371 problem in LIBRARY/CURL
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
29 |
return CURLE_OUT_OF_MEMORY; |
17fdfad41903
25241371 problem in LIBRARY/CURL
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
30 |
|
17fdfad41903
25241371 problem in LIBRARY/CURL
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
31 |
/* |
17fdfad41903
25241371 problem in LIBRARY/CURL
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
32 |
-- |
17fdfad41903
25241371 problem in LIBRARY/CURL
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
33 |
2.9.3 |
17fdfad41903
25241371 problem in LIBRARY/CURL
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
34 |