d2fbb3222f
- Add fixes for various crashes: libical-boo986631-read-past-end.patch libical-boo986631-check-prev-char.patch libical-parser-sanity-check.patch libical-timezone-use-after-free.patch libical-boo1015964-use-after-free.patch Fixes boo#986631 (CVE-2016-5827), boo#986639 (CVE-2016-5824), boo#1015964 (CVE-2016-9584), and boo#1044995. OBS-URL: https://build.opensuse.org/request/show/505726 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libical?expand=0&rev=43
27 lines
836 B
Diff
27 lines
836 B
Diff
From 38757abb495ea6cb40faa5418052278bf75040f7 Mon Sep 17 00:00:00 2001
|
|
From: Ken Murchison <murch@andrew.cmu.edu>
|
|
Date: Fri, 2 Dec 2016 14:13:22 -0500
|
|
Subject: [PATCH] icaltime.c: don't read past end of string (can't check
|
|
str[19] if length is 16)
|
|
|
|
---
|
|
src/libical/icaltime.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/src/libical/icaltime.c b/src/libical/icaltime.c
|
|
index ca647633..4077ce75 100644
|
|
--- a/src/libical/icaltime.c
|
|
+++ b/src/libical/icaltime.c
|
|
@@ -445,7 +445,7 @@ struct icaltimetype icaltime_from_string(const char *str)
|
|
tt.is_utc = 0;
|
|
tt.is_date = 0;
|
|
} else if ((size == 16) || (size == 20)) { /* UTC time, ends in 'Z' */
|
|
- if ((str[15] != 'Z') && (str[19] != 'Z'))
|
|
+ if ((str[size-1] != 'Z'))
|
|
goto FAIL;
|
|
|
|
tt.is_utc = 1;
|
|
--
|
|
2.12.3
|
|
|