upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-02-20 00:11:07 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix urldecode buffer overrun.

Browse source 
Reported by:	Duncan Overbruck
Security:	CVE-2020-7450
This commit is contained in:
Gordon Tetlow 2020-01-28 18:37:18 +00:00
parent 95e6640be2
commit 6fb3f9944f
1 changed files with 8 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
lib/libfetch/fetch.c
View file

@ -332,6 +332,8 @@ fetch_pctdecode(char *dst, const char *src, size_t dlen)
}
if (dlen-- > 0)
*dst++ = c;
else
return (NULL);
}
return (s);
}
@ -381,11 +383,15 @@ fetchParseURL(const char *URL)
if (p && *p == '@') {
/* username */
q = fetch_pctdecode(u->user, URL, URL_USERLEN);
if (q == NULL)
goto ouch;
/* password */
if (*q == ':')
if (*q == ':') {
q = fetch_pctdecode(u->pwd, q + 1, URL_PWDLEN);
if (q == NULL)
goto ouch;
}
p++;
} else {
p = URL;