aboutsummaryrefslogtreecommitdiffstats
path: root/package/network/utils/curl/patches/402-CVE-2018-16839.patch
diff options
context:
space:
mode:
Diffstat (limited to 'package/network/utils/curl/patches/402-CVE-2018-16839.patch')
-rw-r--r--package/network/utils/curl/patches/402-CVE-2018-16839.patch23
1 files changed, 23 insertions, 0 deletions
diff --git a/package/network/utils/curl/patches/402-CVE-2018-16839.patch b/package/network/utils/curl/patches/402-CVE-2018-16839.patch
new file mode 100644
index 0000000000..188c77f1c0
--- /dev/null
+++ b/package/network/utils/curl/patches/402-CVE-2018-16839.patch
@@ -0,0 +1,23 @@
+From f3a24d7916b9173c69a3e0ee790102993833d6c5 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Fri, 28 Sep 2018 16:08:16 +0200
+Subject: [PATCH] Curl_auth_create_plain_message: fix too-large-input-check
+
+CVE-2018-16839
+Reported-by: Harry Sintonen
+Bug: https://curl.haxx.se/docs/CVE-2018-16839.html
+---
+ lib/vauth/cleartext.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/lib/vauth/cleartext.c
++++ b/lib/vauth/cleartext.c
+@@ -74,7 +74,7 @@ CURLcode Curl_auth_create_plain_message(
+ plen = strlen(passwdp);
+
+ /* Compute binary message length. Check for overflows. */
+- if((ulen > SIZE_T_MAX/2) || (plen > (SIZE_T_MAX/2 - 2)))
++ if((ulen > SIZE_T_MAX/4) || (plen > (SIZE_T_MAX/2 - 2)))
+ return CURLE_OUT_OF_MEMORY;
+ plainlen = 2 * ulen + plen + 2;
+
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-04 10:41:02 +0000