From f1bc537f089cc8477a9a18db597cb349e1b00e91 Mon Sep 17 00:00:00 2001
From: V3n3RiX <venerix@redcorelinux.org>
Date: Sat, 16 Jun 2018 05:02:38 +0100
Subject: gentoo resync : 16.06.2018

---
 sys-apps/file/files/file-5.33-CVE-2018-10360.patch | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 sys-apps/file/files/file-5.33-CVE-2018-10360.patch

(limited to 'sys-apps/file/files')

diff --git a/sys-apps/file/files/file-5.33-CVE-2018-10360.patch b/sys-apps/file/files/file-5.33-CVE-2018-10360.patch
new file mode 100644
index 000000000000..a489846b10f8
--- /dev/null
+++ b/sys-apps/file/files/file-5.33-CVE-2018-10360.patch
@@ -0,0 +1,18 @@
+Avoid reading past the end of buffer
+
+CVE-2018-10360
+
+https://github.com/file/file/commit/a642587a9c9e2dd7feacdf513c3643ce26ad3c22
+
+--- a/src/readelf.c
++++ b/src/readelf.c
+@@ -842,7 +842,8 @@ do_core_note(struct magic_set *ms, unsigned char *nbuf, uint32_t type,
+ 
+ 				cname = (unsigned char *)
+ 				    &nbuf[doff + prpsoffsets(i)];
+-				for (cp = cname; *cp && isprint(*cp); cp++)
++				for (cp = cname; cp < nbuf + size && *cp
++				    && isprint(*cp); cp++)
+ 					continue;
+ 				/*
+ 				 * Linux apparently appends a space at the end
-- 
cgit v1.2.3