diff options
Diffstat (limited to 'package/x11r7/xlib_libXfont2/0001-Check-for-end-of-string-in-PatternMatch-CVE-2017-137.patch')
| -rw-r--r-- | package/x11r7/xlib_libXfont2/0001-Check-for-end-of-string-in-PatternMatch-CVE-2017-137.patch | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/package/x11r7/xlib_libXfont2/0001-Check-for-end-of-string-in-PatternMatch-CVE-2017-137.patch b/package/x11r7/xlib_libXfont2/0001-Check-for-end-of-string-in-PatternMatch-CVE-2017-137.patch new file mode 100644 index 0000000000..3795179af1 --- /dev/null +++ b/package/x11r7/xlib_libXfont2/0001-Check-for-end-of-string-in-PatternMatch-CVE-2017-137.patch @@ -0,0 +1,34 @@ +From d1e670a4a8704b8708e493ab6155589bcd570608 Mon Sep 17 00:00:00 2001 +From: Michal Srb <msrb@suse.com> +Date: Thu, 20 Jul 2017 13:38:53 +0200 +Subject: [PATCH] Check for end of string in PatternMatch (CVE-2017-13720) + +If a pattern contains '?' character, any character in the string is skipped, +even if it is '\0'. The rest of the matching then reads invalid memory. + +Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net> +Signed-off-by: Julien Cristau <jcristau@debian.org> +Signed-off-by: Peter Korsgaard <peter@korsgaard.com> +--- + src/fontfile/fontdir.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/fontfile/fontdir.c b/src/fontfile/fontdir.c +index 4ce2473..996b7d1 100644 +--- a/src/fontfile/fontdir.c ++++ b/src/fontfile/fontdir.c +@@ -400,8 +400,10 @@ PatternMatch(char *pat, int patdashes, char *string, int stringdashes) + } + } + case '?': +- if (*string++ == XK_minus) ++ if ((t = *string++) == XK_minus) + stringdashes--; ++ if (!t) ++ return 0; + break; + case '\0': + return (*string == '\0'); +-- +2.11.0 + |
