33 lines
1.1 KiB
Diff
33 lines
1.1 KiB
Diff
# HG changeset patch
|
|
# User Adam Lackorzynski <adam@os.inf.tu-dresden.de>
|
|
# Date 1492510834 -7200
|
|
# Node ID c33d24938f3ed3dc2b7d328fe255794468a814eb
|
|
# Parent c72edf0e43bca463239ea15594d128ecbc0d2574
|
|
Fix CVE-2017-7467, a remote exploitalbe out of bound access
|
|
|
|
This fixes an out of bounds data access that can lead to a
|
|
remotely exploitable code execution.
|
|
|
|
This issue was found by Solar Designer of Openwall during a
|
|
security audit of the Virtuozzo 7 product, which contains
|
|
derived downstream code in its prl-vzvncserver component.
|
|
The corresponding Virtuozzo 7 fix is:
|
|
|
|
https://src.openvz.org/projects/OVZ/repos/prl-vzvncserver/commits/6d95404e75b98f36b1cc85ee23df99dcf06ca13f
|
|
|
|
Openwall would like to thank the Virtuozzo company for
|
|
funding the effort.
|
|
|
|
diff -r c72edf0e43bc -r c33d24938f3e src/vt100.c
|
|
--- src/vt100.c Sat Sep 17 02:17:37 2016 +0200
|
|
+++ src/vt100.c Tue Apr 18 12:20:34 2017 +0200
|
|
@@ -427,7 +427,7 @@
|
|
}
|
|
/* Separation between numbers ? */
|
|
if (c == ';') {
|
|
- if (ptr < 7)
|
|
+ if (ptr < (int)ARRAY_SIZE(escparms) - 1)
|
|
ptr++;
|
|
return;
|
|
}
|
|
|