From dc617a2f2d31e4c448b806791b3f8736cf9d1ffb Mon Sep 17 00:00:00 2001
From: Rolf Eike Beer <eike@sf-mail.de>
Date: Tue, 12 May 2020 20:06:38 +0200
Subject: [PATCH 2/4] fix possible signed integer overflow in commands()
(CVE-2005-1514)
Fix it as suggested by the Qualys Security Advisory team.
---
commands.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/commands.c b/commands.c
index b0d3f61..90a50c9 100644
--- a/commands.c
+++ b/commands.c
@@ -10,16 +10,17 @@ int commands(ss,c)
substdio *ss;
struct commands *c;
{
- int i;
+ unsigned int i;
char *arg;
for (;;) {
if (!stralloc_copys(&cmd,"")) return -1;
for (;;) {
+ int j;
if (!stralloc_readyplus(&cmd,1)) return -1;
- i = substdio_get(ss,cmd.s + cmd.len,1);
- if (i != 1) return i;
+ j = substdio_get(ss,cmd.s + cmd.len,1);
+ if (j != 1) return j;
if (cmd.s[cmd.len] == '\n') break;
++cmd.len;
}
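Review bot: The reason `i` now has to be unsigned is not visible in this hunk — every use of `i` in commands() lies below it — so the declaration deserves a comment, e.g. `unsigned int i; /* offset into cmd.s; keep the same type as cmd.len (CVE-2005-1514) */`. The new `j` only carries substdio_get's status and is returned verbatim whenever it is not 1, which preserves the previous error propagation; a one-line comment such as `int j; /* substdio_get status, returned unchanged on short read */` would make the split between the two variables obvious to the next reader. The inner loop still appends one byte at a time until a '\n' with no cap on line length, so whether cmd.len can wrap before stralloc_readyplus fails depends on stralloc's own overflow handling, which is outside this hunk and worth confirming. commands() continues past the end of the hunk.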
--
2.26.1