31 lines
687 B
Plaintext
31 lines
687 B
Plaintext
$OpenBSD: patch-lib_bidi_c,v 1.1 2017/10/20 20:26:53 jca Exp $
|
|
|
|
Fix for CVE-2017-14061
|
|
|
|
commit 16853b6973a1e72fee2b7cccda85472cb9951305
|
|
Author: Tim Rühsen <tim.ruehsen@gmx.de>
|
|
Date: Tue Aug 1 11:15:10 2017 +0200
|
|
|
|
lib/bidi: Fix integer overflow (found by fuzzing)
|
|
|
|
Index: lib/bidi.c
|
|
--- lib/bidi.c.orig
|
|
+++ lib/bidi.c
|
|
@@ -30,6 +30,7 @@
|
|
|
|
#include "idn2.h"
|
|
|
|
+#include <sys/types.h>
|
|
#include <stdbool.h>
|
|
|
|
#include "bidi.h"
|
|
@@ -39,7 +40,7 @@
|
|
static bool
|
|
_isBidi (const uint32_t *label, size_t llen)
|
|
{
|
|
- while (llen-- > 0) {
|
|
+ for (; (ssize_t) llen > 0; llen--) {
|
|
int bc = uc_bidi_category (*label++);
|
|
|
|
if (bc == UC_BIDI_R || bc == UC_BIDI_AL || bc == UC_BIDI_AN)
|