libical/libical-boo986631-read-past-end.patch
Michal Vyskocil d2fbb3222f Accepting request 505726 from home:mgorse:branches:devel:libraries:c_c++
- Add fixes for various crashes:
  libical-boo986631-read-past-end.patch
  libical-boo986631-check-prev-char.patch
  libical-parser-sanity-check.patch
  libical-timezone-use-after-free.patch
  libical-boo1015964-use-after-free.patch
  Fixes boo#986631 (CVE-2016-5827), boo#986639 (CVE-2016-5824),
  boo#1015964 (CVE-2016-9584), and boo#1044995.

OBS-URL: https://build.opensuse.org/request/show/505726
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libical?expand=0&rev=43
2017-06-26 06:09:35 +00:00


From 38757abb495ea6cb40faa5418052278bf75040f7 Mon Sep 17 00:00:00 2001
From: Ken Murchison <murch@andrew.cmu.edu>
Date: Fri, 2 Dec 2016 14:13:22 -0500
Subject: [PATCH] icaltime.c: don't read past end of string (can't check
str[19] if length is 16)
---
src/libical/icaltime.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/libical/icaltime.c b/src/libical/icaltime.c
index ca647633..4077ce75 100644
--- a/src/libical/icaltime.c
+++ b/src/libical/icaltime.c
@@ -445,7 +445,7 @@ struct icaltimetype icaltime_from_string(const char *str)
tt.is_utc = 0;
tt.is_date = 0;
} else if ((size == 16) || (size == 20)) { /* UTC time, ends in 'Z' */
- if ((str[15] != 'Z') && (str[19] != 'Z'))
+ if ((str[size-1] != 'Z'))
goto FAIL;
tt.is_utc = 1;
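Review bot: the replacement condition on the + line tightens behaviour beyond the out-of-bounds fix, and the commit message should say so. With the old && test, a 20-character string that had 'Z' at index 15 but not at index 19 was accepted as UTC; with str[size-1] it is now rejected. That looks like the right outcome, but it is a parsing change, not just a memory-safety change. Two smaller points: the doubled parentheses in if ((str[size-1] != 'Z')) are redundant and can be written as if (str[size - 1] != 'Z'), and the fix relies on size being the length of str as computed earlier in the function (not visible in this hunk), so a regression test with a 16-character input that does not end in 'Z' and a 20-character input with 'Z' only at index 15 would pin both cases down.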
--
2.12.3