diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-06 03:06:58 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-06 03:06:58 +0000 |
commit | 98e6007c9dbc6151052d380276303d2efa14051c (patch) | |
tree | 145ac5d9bd5ed7f2937204187ff02adff0faf02c /debian/patches/Fix-a-buffer-overflow-vulnerability.patch | |
parent | Adding upstream version 1.20.1. (diff) | |
download | wget-2af55308d5864b1acb0bc3aef2f4033c688bcf95.tar.xz wget-2af55308d5864b1acb0bc3aef2f4033c688bcf95.zip |
Adding debian version 1.20.1-1.1.debian/1.20.1-1.1debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/patches/Fix-a-buffer-overflow-vulnerability.patch')
-rw-r--r-- | debian/patches/Fix-a-buffer-overflow-vulnerability.patch | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/debian/patches/Fix-a-buffer-overflow-vulnerability.patch b/debian/patches/Fix-a-buffer-overflow-vulnerability.patch new file mode 100644 index 0000000..d9a7f4c --- /dev/null +++ b/debian/patches/Fix-a-buffer-overflow-vulnerability.patch @@ -0,0 +1,30 @@ +From: Tim Ruehsen <tim.ruehsen@gmx.de> +Date: Fri, 5 Apr 2019 11:50:44 +0200 +Subject: Fix a buffer overflow vulnerability +Origin: https://git.savannah.gnu.org/cgit/wget.git/commit/?id=692d5c5215de0db482c252492a92fc424cc6a97c, + https://git.savannah.gnu.org/cgit/wget.git/commit/?id=562eacb76a2b64d5dc80a443f0f739bc9ef76c17 +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-5953 +Bug-Debian: https://bugs.debian.org/926389 + +* src/iri.c(do_conversion): Reallocate the output buffer to a larger + size if it is already full +--- + src/iri.c | 12 +++++++++--- + 1 file changed, 9 insertions(+), 3 deletions(-) + +--- a/src/iri.c ++++ b/src/iri.c +@@ -189,9 +189,10 @@ do_conversion (const char *tocode, const + { + tooshort++; + done = len; +- len = outlen = done + inlen * 2; +- s = xrealloc (s, outlen + 1); +- *out = s + done; ++ len = done + inlen * 2; ++ s = xrealloc (s, len + 1); ++ *out = s + done - outlen; ++ outlen += inlen * 2; + } + else /* Weird, we got an unspecified error */ + { |