authorChristopher Fore <csfore@posteo.net>2024-08-02 11:42:39 -0400
committerViorel Munteanu <ceamac@gentoo.org>2024-08-03 09:02:01 +0300
commit9d72a7601ef530f753d2fa7d6ad7c0d3dddb1f93 (patch)
tree4c6b5f828fb19a0ee667bb2288be7afd7f06a8b7 /net-dialup/lrzsz/files/lrzsz-0.12.20-fix-integer-overflow.patch
parentf499f009d6ce822c0ea05f991d26da7f3291fcef (diff)
net-dialup/lrzsz: Fix information leak
- Patch taken from Fedora (check patch file for link) - Seems to still be affected by https://bugs.gentoo.org/836585 - Tests pass otherwise ("All tests OK.") Bug: https://bugs.gentoo.org/797247 Signed-off-by: Christopher Fore <csfore@posteo.net> Closes: https://github.com/gentoo/gentoo/pull/37927 Signed-off-by: Viorel Munteanu <ceamac@gentoo.org>
Diffstat (limited to 'net-dialup/lrzsz/files/lrzsz-0.12.20-fix-integer-overflow.patch')
-rw-r--r--net-dialup/lrzsz/files/lrzsz-0.12.20-fix-integer-overflow.patch23
1 files changed, 23 insertions, 0 deletions
diff --git a/net-dialup/lrzsz/files/lrzsz-0.12.20-fix-integer-overflow.patch b/net-dialup/lrzsz/files/lrzsz-0.12.20-fix-integer-overflow.patch
new file mode 100644
index 000000000000..771b67dda473
--- /dev/null
+++ b/net-dialup/lrzsz/files/lrzsz-0.12.20-fix-integer-overflow.patch
@@ -0,0 +1,23 @@
+https://src.fedoraproject.org/rpms/lrzsz/blob/rawhide/f/lrzsz-0.12.20.patch
+https://bugs.gentoo.org/797247
+
+diff -urN lrzsz-0.12.20/src/zm.c lrzsz-0.12.20.new/src/zm.c
+--- lrzsz-0.12.20/src/zm.c Tue Dec 29 09:48:38 1998
++++ lrzsz-0.12.20.new/src/zm.c Tue Oct 8 12:46:58 2002
+@@ -431,10 +431,12 @@
+ VPRINTF(3,("zsdata: %lu %s", (unsigned long) length,
+ Zendnames[(frameend-ZCRCE)&3]));
+ crc = 0;
+- do {
+- zsendline(*buf); crc = updcrc((0377 & *buf), crc);
+- buf++;
+- } while (--length>0);
++
++ for( ; length; length--) {
++ zsendline(*buf); crc = updcrc((0377 & *buf), crc);
++ buf++;
++ }
++
+ xsendline(ZDLE); xsendline(frameend);
+ crc = updcrc(frameend, crc);
+
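Review bot: The header of the new patch file (the two URL lines above the inner `diff -urN`) never says what is being fixed, while the commit title says "information leak" and the file name says "integer overflow". One sentence of description there would connect the two, for example `zsdata(): the do/while sent a byte and decremented length before testing it, so a zero length wrapped around and data past buf was transmitted; test length before each byte instead.` That reading assumes `length` is an unsigned type, which the `(unsigned long) length` cast in the context lines suggests but the hunk does not show. The enclosing function starts and ends outside the inner hunk, so this view cannot confirm that callers always pass a length within the bounds of `buf`; the new `for` loop only covers the zero-length case.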