summaryrefslogtreecommitdiff
path: root/net-misc/wget/files/wget-1.19.1-CVE-2017-13089.patch
diff options
context:
space:
mode:
Diffstat (limited to 'net-misc/wget/files/wget-1.19.1-CVE-2017-13089.patch')
-rw-r--r--net-misc/wget/files/wget-1.19.1-CVE-2017-13089.patch34
1 files changed, 0 insertions, 34 deletions
diff --git a/net-misc/wget/files/wget-1.19.1-CVE-2017-13089.patch b/net-misc/wget/files/wget-1.19.1-CVE-2017-13089.patch
deleted file mode 100644
index f961741aa288..000000000000
--- a/net-misc/wget/files/wget-1.19.1-CVE-2017-13089.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 3dbc2e06ad487862c2fcc64d4891ff8aeb254bad Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de>
-Date: Fri, 20 Oct 2017 10:59:38 +0200
-Subject: [PATCH 1/2] Fix stack overflow in HTTP protocol handling
- (CVE-2017-13089)
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-* src/http.c (skip_short_body): Return error on negative chunk size
-
-Reported-by: Antti Levomäki, Christian Jalio, Joonas Pihlaja from Forcepoint
-Reported-by: Juhani Eronen from Finnish National Cyber Security Centre
----
- src/http.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/src/http.c b/src/http.c
-index 55367688..dc318231 100644
---- a/src/http.c
-+++ b/src/http.c
-@@ -973,6 +973,9 @@ skip_short_body (int fd, wgint contlen, bool chunked)
- remaining_chunk_size = strtol (line, &endl, 16);
- xfree (line);
-
-+ if (remaining_chunk_size < 0)
-+ return false;
-+
- if (remaining_chunk_size == 0)
- {
- line = fd_read_line (fd);
---
-2.15.0.rc1
-
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-29 06:19:20 +0000