File _service:tar_scm_kernel_repo:backport-Avoid-small-read-overrun-in-UTF8-normalization.patch of Package krb5
From fb9cf8cfbf8da0d160cb61250b952f2b8e5484f4 Mon Sep 17 00:00:00 2001 From: Greg Hudson <ghudson@mit.edu> Date: Wed, 12 Oct 2022 00:27:17 -0400 Subject: [PATCH] Avoid small read overrun in UTF8 normalization In krb5int_utf8_normalize(), check the length of the current character against the buffer length before reading more than one byte. Credit to OSS-Fuzz for discovering the overrun. ticket: 9072 (new) Reference: https://github.com/krb5/krb5/commit/fb9cf8cfbf8da0d160cb61250b952f2b8e5484f4 Conflict: NA --- src/lib/krb5/unicode/ucstr.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/lib/krb5/unicode/ucstr.c b/src/lib/krb5/unicode/ucstr.c index 21030bf25..e3ed9bc64 100644 --- a/src/lib/krb5/unicode/ucstr.c +++ b/src/lib/krb5/unicode/ucstr.c @@ -199,6 +199,12 @@ krb5int_utf8_normalize( /* s[i] is non-ascii */ /* convert everything up to next ascii to ucs-4 */ while (i < len) { + /* KRB5_UTF8_CHARLEN only looks at the first byte; use it to guard + * against small read overruns. */ + if (KRB5_UTF8_CHARLEN(s + i) > len - i) { + retval = KRB5_ERR_INVALID_UTF8; + goto cleanup; + } clen = KRB5_UTF8_CHARLEN2(s + i, clen); if (clen == 0) { retval = KRB5_ERR_INVALID_UTF8; -- 2.27.0
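Review bot: The new guard at the top of the `while (i < len)` loop ships without a regression test: the diffstat lists only src/lib/krb5/unicode/ucstr.c with 6 insertions. Consider adding a test case that passes krb5int_utf8_normalize() an input whose last byte is a multibyte lead byte (a truncated sequence) and expects KRB5_ERR_INVALID_UTF8, so the overrun found by OSS-Fuzz stays covered. Two smaller points on the same lines: `len - i` is safe from underflow only because the check sits directly under the `i < len` loop condition, so it should stay the first statement in the loop body if this code is later rearranged; and the comparison `KRB5_UTF8_CHARLEN(s + i) > len - i` mixes the macro's result with a length expression whose types are not visible in this hunk, so it is worth confirming that no signed/unsigned conversion changes the result.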