Package: gpac / 0.7.1+dfsg1-3

CVE-2019-11222.patch Patch series | download
From f36525c5beafb78959c3a07d6622c9028de348da Mon Sep 17 00:00:00 2001
From: Aurelien David <aurelien.david@telecom-paristech.fr>
Date: Thu, 11 Apr 2019 14:54:53 +0200
Subject: [PATCH] fix buffer overrun in gf_bin128_parse

closes #1204
closes #1205
---
 src/utils/os_divers.c | 5 +++++
 1 file changed, 5 insertions(+)

--- a/src/utils/os_divers.c
+++ b/src/utils/os_divers.c
@@ -1969,6 +1969,11 @@ GF_Err gf_bin128_parse(char *string, bin
 			sscanf(szV, "%x", &v);
 			value[i] = v;
 			i++;
+			if (i > 15) {
+				// force error check below
+				i++;
+				break;
+			}
 		}
 	}
 	if (i != 16) {
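Review bot: The added guard `if (i > 15)` runs after `i++`, so it also fires once the sixteenth byte has been stored: i is 16, the guard bumps it to 17, and the `if (i != 16)` check below would then reject a well-formed 16-byte value. The overrun itself is closed, since `value[15]` is the last slot written, but valid input appears to be turned into an error. Testing before the store keeps both properties: put `if (i > 15) { i++; break; }` ahead of the `sscanf` and `value[i] = v;` lines, so that only a seventeenth byte reaches the error path. The loop header and the body of the `i != 16` branch are outside the hunk, so confirm this reading against the full function. A regression test with an exact 32-hex-digit string and a longer one would pin both cases.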