gentoo-overlay/mail-mta/netqmail/files/netqmail-1.06-CVE-2005-1514...


From dc617a2f2d31e4c448b806791b3f8736cf9d1ffb Mon Sep 17 00:00:00 2001
From: Rolf Eike Beer <eike@sf-mail.de>
Date: Tue, 12 May 2020 20:06:38 +0200
Subject: [PATCH 2/4] fix possible signed integer overflow in commands()
(CVE-2005-1514)
Fix it as suggested by the Qualys Security Advisory team.
---
commands.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/commands.c b/commands.c
index b0d3f61..90a50c9 100644
--- a/commands.c
+++ b/commands.c
@@ -10,16 +10,17 @@ int commands(ss,c)
substdio *ss;
struct commands *c;
{
- int i;
+ unsigned int i;
char *arg;
for (;;) {
if (!stralloc_copys(&cmd,"")) return -1;
for (;;) {
+ int j;
if (!stralloc_readyplus(&cmd,1)) return -1;
- i = substdio_get(ss,cmd.s + cmd.len,1);
- if (i != 1) return i;
+ j = substdio_get(ss,cmd.s + cmd.len,1);
+ if (j != 1) return j;
if (cmd.s[cmd.len] == '\n') break;
++cmd.len;
}
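Review bot: The switch to `unsigned int i` at the top of commands() only affects uses of i that lie outside these lines, so the reason for the type change cannot be checked from this hunk, and the commit message only points to the Qualys advisory. A one-line comment at the declaration naming the later expression that could overflow as a signed int would make the fix reviewable. Keeping the substdio_get() result in a separate signed `int j` is the right call, since `if (j != 1) return j;` has to hand a non-1 result back through the int return type unchanged. The inner loop still grows cmd.len by one per byte until '\n' with no upper bound in the visible code, so the signedness change by itself does not limit the length of a command line; if a cap is intended, a check just before `++cmd.len` is the place for it.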
--
2.26.1