mirror of
https://github.com/openwrt/packages.git
synced 2025-02-24 02:25:07 +00:00
This updates to v0.12.21rc from 1999 (sic), which was never officially released. There're fixes in there, and it's what debian ships, so let's use that too. While at it, use debian's autohell hack and package description too. Patch 1 fixes a hang with musl. Patch 2 fixes CVE-2018-10195, add PKG_CPE_ID while at it. Refesh the rest. Fixes: CVE-2018-10195 Signed-off-by: Andre Heider <a.heider@gmail.com>
29 lines
742 B
Diff
29 lines
742 B
Diff
From a7c525191aa725f4ebb7b489cdd7dd854a4e42fb Mon Sep 17 00:00:00 2001
|
|
From: Uwe Ohse <uwe@ohse.de>
|
|
Date: Sun, 1 Mar 2020 22:35:28 +0000
|
|
Subject: [PATCH] may-be-security-fix: avoid possible underflow
|
|
|
|
Fixes: CVE-2018-10195
|
|
|
|
[a.heider: mention CVE in commit message]
|
|
---
|
|
src/zm.c | 5 +++--
|
|
1 file changed, 3 insertions(+), 2 deletions(-)
|
|
|
|
--- a/src/zm.c
|
|
+++ b/src/zm.c
|
|
@@ -432,10 +432,11 @@ zsdata(const char *buf, size_t length, i
|
|
VPRINTF(3,("zsdata: %lu %s", (unsigned long) length,
|
|
Zendnames[(frameend-ZCRCE)&3]));
|
|
crc = 0;
|
|
- do {
|
|
+ while (length>0) {
|
|
zsendline(*buf); crc = updcrc((0377 & *buf), crc);
|
|
buf++;
|
|
- } while (--length>0);
|
|
+ length--;
|
|
+ }
|
|
xsendline(ZDLE); xsendline(frameend);
|
|
crc = updcrc(frameend, crc);
|
|
|