xbps: add patch for CVE-2020-7450
parent
57315060ad
commit
e7edf36012
2 changed files with 37 additions and 1 deletions
36
srcpkgs/xbps/patches/CVE-2020-7450.patch
Normal file
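--- /dev/null
+++ b/srcpkgs/xbps/patches/CVE-2020-7450.patch
@@ -0,0 +1,36 @@
+commit cf20e53d34446bcf8d1dd6c8da9fedf4dd5447ab
+Author: Duncan Overbruck <mail@duncano.de>
+Date: Tue Jan 28 20:03:56 2020 +0100
+
+lib/fetch: fix CVE-2020-7450
+
+diff --git lib/fetch/fetch.c lib/fetch/fetch.c
+index d0cce7b8..feaf768d 100644
+--- lib/fetch/fetch.c
++++ lib/fetch/fetch.c
+@@ -331,6 +331,8 @@ fetch_pctdecode(char *dst, const char *src, size_t dlen)
+}
+if (dlen-- > 0)
+*dst++ = c;
++ else
++ return (NULL);
+}
+return (s);
+}
+@@ -481,10 +483,14 @@ find_user:
+if (p != NULL && *p == '@') {
+/* username */
+q = fetch_pctdecode(u->user, URL, URL_USERLEN);
++ if (q == NULL)
++ goto ouch;
+/* password */
+- if (*q == ':')
++ if (*q == ':') {
+q = fetch_pctdecode(u->pwd, q + 1, URL_PWDLEN);
+-
++ if (q == NULL)
++ goto ouch;
++ }
+p++;
+} else {
+p = URL;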
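Review bot: The new `return (NULL)` in `fetch_pctdecode` changes the function's contract, and nothing in the patch documents it; a comment above the function such as `/* Returns NULL if the decoded text does not fit in dlen bytes; callers must check before dereferencing. */` would make that explicit. Both call sites visible in the `find_user` hunk are guarded, but `fetch_pctdecode` and the URL-parsing function both extend beyond these hunks, so any other caller of `fetch_pctdecode` should be confirmed to check for NULL as well. The two added `goto ouch` paths also set no error that is visible here; if the other failure paths in this function record a parse error before jumping, an over-long user name or password would presumably fail without a diagnostic.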
@ -1,7 +1,7 @@
|
|||
# Template file for 'xbps'
|
||||
pkgname=xbps
|
||||
version=0.57.1
|
||||
revision=8
|
||||
revision=9
|
||||
bootstrap=yes
|
||||
build_style=configure
|
||||
short_desc="XBPS package system utilities"
|
||||
|
|