components/curl/patches/015-CVE-2016-8617.patch
changeset 7552 17fdfad41903
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/curl/patches/015-CVE-2016-8617.patch	Tue Jan 10 17:35:21 2017 -0800
@@ -0,0 +1,34 @@
+From 3599341dd611303ee9544839d30f603f606d1082 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <[email protected]>
+Date: Wed, 28 Sep 2016 00:05:12 +0200
+Subject: [PATCH] base64: check for integer overflow on large input
+
+CVE-2016-8617
+
+Bug: https://curl.haxx.se/docs/adv_20161102C.html
+Reported-by: Cure53
+---
+ lib/base64.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- lib/base64.c
++++ lib/base64.c
+@@ -188,10 +188,15 @@ static CURLcode base64_encode(const char *table64,
+   *outlen = 0;
+ 
+   if(0 == insize)
+     insize = strlen(indata);
+ 
++#if SIZEOF_SIZE_T == 4
++  if(insize > UINT_MAX/4)
++    return CURLE_OUT_OF_MEMORY;
++#endif
++
+   base64data = output = malloc(insize*4/3+4);
+   if(NULL == output)
+     return CURLE_OUT_OF_MEMORY;
+ 
+   /*
+-- 
+2.9.3
+
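Review bot: The overflow guard added ahead of `malloc(insize*4/3+4)` in `base64_encode` is compiled only under `#if SIZEOF_SIZE_T == 4`, and an undefined macro evaluates to 0 in `#if`, so a 32-bit build whose config header does not define `SIZEOF_SIZE_T` would silently drop the check and keep the CVE-2016-8617 wraparound. The comparison also uses `UINT_MAX`, which needs `<limits.h>` in scope; neither that include nor the macro definition is visible in this hunk. A width-independent form such as `if(insize > (size_t)-1 / 4) return CURLE_OUT_OF_MEMORY;` with no `#if` would hold on every target, assuming `insize` is a `size_t` as the `strlen` assignment suggests. If the backport is kept verbatim to match upstream, it is worth confirming that the component's 32-bit build defines `SIZEOF_SIZE_T` and that the hunk applies cleanly at line 188 of the packaged curl version. The body of `base64_encode` begins and continues outside the hunk.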