diff options
author | V3n3RiX <venerix@redcorelinux.org> | 2017-10-09 18:53:29 +0100 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2017-10-09 18:53:29 +0100 |
commit | 4f2d7949f03e1c198bc888f2d05f421d35c57e21 (patch) | |
tree | ba5f07bf3f9d22d82e54a462313f5d244036c768 /net-dns/libidn/files/libidn-1.33-CVE-2017-14062.patch |
reinit the tree, so we can have metadata
Diffstat (limited to 'net-dns/libidn/files/libidn-1.33-CVE-2017-14062.patch')
-rw-r--r-- | net-dns/libidn/files/libidn-1.33-CVE-2017-14062.patch | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/net-dns/libidn/files/libidn-1.33-CVE-2017-14062.patch b/net-dns/libidn/files/libidn-1.33-CVE-2017-14062.patch new file mode 100644 index 000000000000..2ddf3fdd6be2 --- /dev/null +++ b/net-dns/libidn/files/libidn-1.33-CVE-2017-14062.patch @@ -0,0 +1,32 @@ +From e9e81b8063b095b02cf104bb992fa9bf9515b9d8 Mon Sep 17 00:00:00 2001 +From: =?utf8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de> +Date: Fri, 1 Sep 2017 10:04:48 +0200 +Subject: [PATCH] lib/punycode.c (decode_digit): Fix integer overflow + +This fix is a backport from libidn2 and addresses +CVE-2017-14062. +--- + lib/punycode.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/lib/punycode.c b/lib/punycode.c +index 86819a7..49250a1 100644 +--- a/lib/punycode.c ++++ b/lib/punycode.c +@@ -88,10 +88,10 @@ enum + /* point (for use in representing integers) in the range 0 to */ + /* base-1, or base if cp does not represent a value. */ + +-static punycode_uint +-decode_digit (punycode_uint cp) ++static unsigned ++decode_digit (int cp) + { +- return cp - 48 < 10 ? cp - 22 : cp - 65 < 26 ? cp - 65 : ++ return (unsigned) cp - 48 < 10 ? cp - 22 : cp - 65 < 26 ? cp - 65 : + cp - 97 < 26 ? cp - 97 : base; + } + +-- +1.9.1 + |