components/curl/patches/009-CVE-2013-2174.patch
author Craig Mohrman <craig.mohrman@oracle.com>
Mon, 11 May 2015 10:44:02 -0700
branch s11u2-sru
changeset 4270 279415c50b97
parent 2753 14e5111571b5
permissions -rw-r--r--
20761309 problem in UTILITY/GIT

CVE-2013-2174: Heap-based buffer overflow in the curl_easy_unescape function
in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote
attackers to cause a denial of service (application crash) or possibly
execute arbitrary code via a crafted string ending in a "%" (percent)
character.

CVE webpage for this problem:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2174

Relevant upstream patch at:
https://github.com/bagder/curl/commit/192c4f788d48f82c03e9cef40013f34370e90737
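
Added example, not libcurl's code and not part of the Oracle patch: a self-contained, length-limited percent-decoder written in the same shape as the loop the patch touches, with the remaining-bytes guard in the position the patch puts it (tested before the two hex-digit reads). The names `unescape_bounded` and `hexval` and the sample input are this example's own; the `len == 0` meaning "use strlen()" convention follows the documented behaviour of curl_easy_unescape(), and the trigger case mirrors the description above: the caller declares a length that stops at a trailing "%", while hex digits still sit in memory just past that length.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Value of one hex digit, or -1 if c is not a hex digit. Takes an int so a
 * plain (possibly negative) char can be passed without a cast. */
static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decode %HH sequences in the first `len` bytes of `in` (len == 0 means
 * "up to the NUL"). Bytes past `len` are never read, even if they exist in
 * memory. Returns a malloc'd NUL-terminated buffer, or NULL if malloc fails;
 * *olen receives the decoded length. (Example code, not libcurl's.) */
char *unescape_bounded(const char *in, size_t len, size_t *olen)
{
    size_t remaining = len ? len : strlen(in);   /* bytes we may still read */
    char *out = malloc(remaining + 1);           /* decoding never grows */
    size_t n = 0;

    if (!out)
        return NULL;

    while (remaining > 0) {
        unsigned char c = (unsigned char)*in;

        /* The bound check comes before the digit checks, so the short-circuit
         * && stops here when fewer than three bytes remain inside the declared
         * length. Without it, an input whose declared length ends in '%'
         * would read in[1] and in[2] past that length and then subtract 2
         * from a remaining count of 1. This is the patch's (alloc > 2). */
        if (c == '%' && remaining > 2 &&
            hexval(in[1]) >= 0 && hexval(in[2]) >= 0) {
            c = (unsigned char)(hexval(in[1]) * 16 + hexval(in[2]));
            in += 2;
            remaining -= 2;
        }
        out[n++] = (char)c;
        in++;
        remaining--;
    }
    out[n] = '\0';
    if (olen)
        *olen = n;
    return out;
}

int main(void)
{
    /* Constructed input: the caller only allows the first 5 bytes, "a%41%",
     * but "41" still follows in memory. The final '%' must stay literal. */
    static const char trap[] = "a%41%41";
    size_t n = 0;
    char *r = unescape_bounded(trap, 5, &n);
    if (!r)
        return 1;
    printf("declared length 5: \"%s\" (%zu bytes)\n", r, n);
    free(r);

    r = unescape_bounded(trap, 0, &n);   /* whole string: both escapes decode */
    if (!r)
        return 1;
    printf("full string:       \"%s\" (%zu bytes)\n", r, n);
    free(r);
    return 0;
}
```

`remaining > 2` is the same condition as the patch's `(alloc > 2)`: in both, the counter is the number of not-yet-consumed input bytes including the current one, so a "%HH" triple is only parsed when all three bytes lie inside the caller's length. The only structural difference is that this example decrements at the bottom of the loop and uses `size_t`, whereas the patched loop decrements in its header with an `int`.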

--- lib/escape.c.orig	2013-08-27 05:41:07.197713748 -0700
+++ lib/escape.c	2013-08-27 05:42:54.003927843 -0700
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2010, Daniel Stenberg, <[email protected]>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <[email protected]>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
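Review bot: the copyright-year bump in this hunk is not part of the CVE-2013-2174 fix and makes the backport more fragile, because if the header comment in the target tree differs from "1998 - 2010" this hunk is rejected before the escape.c change that matters is reached. Drop it from the distribution patch. Note also that the address on the two changed lines renders as `<[email protected]>` on this page; anyone copying the patch from here has to restore the real address or the context will not match the file.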
@@ -165,7 +165,8 @@
 
   while(--alloc > 0) {
     in = *string;
-    if(('%' == in) && ISXDIGIT(string[1]) && ISXDIGIT(string[2])) {
+    if(('%' == in) && (alloc > 2) &&
+       ISXDIGIT(string[1]) && ISXDIGIT(string[2])) {
       /* this is two hexadecimal digits following a '%' */
       char hexstr[3];
       char *ptr;
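Review bot: the `(alloc > 2)` guard is correct only because `alloc`, after the `--alloc` in the loop header, is the number of input bytes not yet consumed including the current one, and nothing in the hunk records that invariant. Add a comment on the condition, for instance `/* need 3 bytes left inside the caller's length */`, so the next edit to this loop does not move the guard or the `alloc` bookkeeping without noticing. The placement itself is right: the guard sits ahead of the two ISXDIGIT() calls, so the short-circuit `&&` stops before `string[1]` and `string[2]` are read when fewer than three bytes remain, which is what prevents the over-read for a length-limited input ending in "%" that the patch header describes. A regression test with exactly that input (declared length ending at a "%", hex digits present past the limit) would pin this down.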