mirror of https://github.com/openwrt/packages.git synced 2025-02-23 22:55:07 +00:00
packages/utils/lrzsz/patches/002-may-be-security-fix-avoid-possible-underflow.patch
Andre Heider 6d6c4b21b5 lrzsz: update to v0.12.21rc and fix a CVE
This updates to v0.12.21rc from 1999 (sic), which was never officially
released. There're fixes in there, and it's what debian ships, so let's
use that too. While at it, use debian's autohell hack and package
description too.

Patch 1 fixes a hang with musl.
Patch 2 fixes CVE-2018-10195, add PKG_CPE_ID while at it.

Refresh the rest.

Fixes: CVE-2018-10195
Signed-off-by: Andre Heider <a.heider@gmail.com>
2023-01-15 15:14:06 +01:00

29 lines
742 B
Diff

From a7c525191aa725f4ebb7b489cdd7dd854a4e42fb Mon Sep 17 00:00:00 2001
From: Uwe Ohse <uwe@ohse.de>
Date: Sun, 1 Mar 2020 22:35:28 +0000
Subject: [PATCH] may-be-security-fix: avoid possible underflow
Fixes: CVE-2018-10195
[a.heider: mention CVE in commit message]
---
src/zm.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/src/zm.c
+++ b/src/zm.c
@@ -432,10 +432,11 @@ zsdata(const char *buf, size_t length, i
VPRINTF(3,("zsdata: %lu %s", (unsigned long) length,
Zendnames[(frameend-ZCRCE)&3]));
crc = 0;
- do {
+ while (length>0) {
zsendline(*buf); crc = updcrc((0377 & *buf), crc);
buf++;
- } while (--length>0);
+ length--;
+ }
xsendline(ZDLE); xsendline(frameend);
crc = updcrc(frameend, crc);
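Review bot: The new `while (length>0)` guard in zsdata() should carry a short comment explaining the zero-length case, since neither the code nor the subject line ("avoid possible underflow") says what actually goes wrong. `length` is a `size_t`, so in the old `do { ... } while (--length>0);` a call with `length == 0` ran the body once, then decremented the counter past zero to its maximum value and kept reading and sending bytes far beyond `buf`. With the guard in place, a zero-length call still falls through to `xsendline(ZDLE); xsendline(frameend);` and emits an empty subpacket whose CRC covers only `frameend`; please state whether callers are expected to pass zero here or whether that should be rejected earlier. As a style point, `for (; length > 0; length--, buf++)` would keep the pointer and counter updates together instead of split across the loop body.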