deepcrayon/buildroot
deepcrayon/buildroot
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
buildroot/package/pure-ftpd/0002-pure_strcmp-len-s2-can-be-len-s1.patch
Fabrice Fontaine 6ef8420dd8 package/pure-ftpd: fix CVE-2020-9365 
An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds (OOB) read
has been detected in the pure_strcmp function in utils.c.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-03-01 14:20:42 +01:00

31 lines
1,009 B
Diff
Raw Blame History

From 36c6d268cb190282a2c17106acfd31863121b58e Mon Sep 17 00:00:00 2001
From: Frank Denis <github@pureftpd.org>
Date: Mon, 24 Feb 2020 15:19:43 +0100
Subject: [PATCH] pure_strcmp(): len(s2) can be > len(s1)
Reported by Antonio Morales from GitHub Security Labs, thanks!
[Retrieved from:
https://github.com/jedisct1/pure-ftpd/commit/36c6d268cb190282a2c17106acfd31863121b]
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
src/utils.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/utils.c b/src/utils.c
index f41492d..a7f0381 100644
--- a/src/utils.c
+++ b/src/utils.c
@@ -45,5 +45,11 @@ int pure_memcmp(const void * const b1_, const void * const b2_, size_t len)
int pure_strcmp(const char * const s1, const char * const s2)
{
- return pure_memcmp(s1, s2, strlen(s1) + 1U);
+ const size_t s1_len = strlen(s1);
+ const size_t s2_len = strlen(s2);
+
+ if (s1_len != s2_len) {
+ return -1;
+ }
+ return pure_memcmp(s1, s2, s1_len);
}
Reference in a new issue View git blame Copy permalink