summaryrefslogtreecommitdiffstats
path: root/debian/patches/Fix-a-buffer-overflow-vulnerability.patch
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-06 03:06:58 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-06 03:06:58 +0000
commit98e6007c9dbc6151052d380276303d2efa14051c (patch)
tree145ac5d9bd5ed7f2937204187ff02adff0faf02c /debian/patches/Fix-a-buffer-overflow-vulnerability.patch
parentAdding upstream version 1.20.1. (diff)
downloadwget-2af55308d5864b1acb0bc3aef2f4033c688bcf95.tar.xz
wget-2af55308d5864b1acb0bc3aef2f4033c688bcf95.zip
Adding debian version 1.20.1-1.1.debian/1.20.1-1.1debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/patches/Fix-a-buffer-overflow-vulnerability.patch')
-rw-r--r--debian/patches/Fix-a-buffer-overflow-vulnerability.patch30
1 files changed, 30 insertions, 0 deletions
diff --git a/debian/patches/Fix-a-buffer-overflow-vulnerability.patch b/debian/patches/Fix-a-buffer-overflow-vulnerability.patch
new file mode 100644
index 0000000..d9a7f4c
--- /dev/null
+++ b/debian/patches/Fix-a-buffer-overflow-vulnerability.patch
@@ -0,0 +1,30 @@
+From: Tim Ruehsen <tim.ruehsen@gmx.de>
+Date: Fri, 5 Apr 2019 11:50:44 +0200
+Subject: Fix a buffer overflow vulnerability
+Origin: https://git.savannah.gnu.org/cgit/wget.git/commit/?id=692d5c5215de0db482c252492a92fc424cc6a97c,
+ https://git.savannah.gnu.org/cgit/wget.git/commit/?id=562eacb76a2b64d5dc80a443f0f739bc9ef76c17
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-5953
+Bug-Debian: https://bugs.debian.org/926389
+
+* src/iri.c(do_conversion): Reallocate the output buffer to a larger
+ size if it is already full
+---
+ src/iri.c | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+--- a/src/iri.c
++++ b/src/iri.c
+@@ -189,9 +189,10 @@ do_conversion (const char *tocode, const
+ {
+ tooshort++;
+ done = len;
+- len = outlen = done + inlen * 2;
+- s = xrealloc (s, outlen + 1);
+- *out = s + done;
++ len = done + inlen * 2;
++ s = xrealloc (s, len + 1);
++ *out = s + done - outlen;
++ outlen += inlen * 2;
+ }
+ else /* Weird, we got an unspecified error */
+ {