Package: mapserver / 6.4.1-5+deb8u3

CVE-2017-5522.patch Patch series | download
Description: security fix (patch by EvenR)
 Fixes CVE-2017-5522 (stack buffer overflow)
Author: Even Rouault <even.rouault@spatialys.com>
Origin: https://github.com/mapserver/mapserver/commit/fb00f8149898fcf9fcb490a179984e481248f066
        https://github.com/mapserver/mapserver/commit/f096b132e58cdfe2714ce372e9f4f7c76d72c5ec

--- a/mapogcfilter.c
+++ b/mapogcfilter.c
@@ -2853,6 +2853,9 @@ char *FLTGetIsLikeComparisonExpression(F
   pszValue = psFilterNode->psRightNode->pszValue;
   nLength = strlen(pszValue);
 
+  if( 1 + 2 * nLength + 1 + 1 >= sizeof(szTmp) )
+    return NULL;
+
   iTmp =0;
   if (nLength > 0 && pszValue[0] != pszWild[0] &&
       pszValue[0] != pszSingle[0] &&
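Review bot: The bound `1 + 2 * nLength + 1 + 1 >= sizeof(szTmp)` is computed in the type of nLength, which is declared outside this hunk; if that type is `int`, the strlen() result is narrowed before the check and `2 * nLength` can overflow for a very long filter value, which is undefined behaviour in the guard meant to stop the stack overflow. Comparing in size_t without multiplying the untrusted length avoids this and rejects the same lengths: `if( strlen(pszValue) > (sizeof(szTmp) - 4) / 2 ) return NULL;`. The identical expression in the mapogcfiltercommon.c hunk should change with it. A one-line comment naming what the `1`, `2 * nLength`, `1` and `1` terms stand for would let a reader confirm the worst case still matches the copy loop further down, which is not visible here. The rejection is also silent, so an `msSetError()` call before `return NULL` (assuming the file's usual error helper is in scope) would leave a log trace when an oversized LIKE literal is refused.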
--- a/mapogcfiltercommon.c
+++ b/mapogcfiltercommon.c
@@ -93,6 +93,8 @@ char *FLTGetIsLikeComparisonCommonExpres
 
   pszValue = psFilterNode->psRightNode->pszValue;
   nLength = strlen(pszValue);
+  if( 1 + 2 * nLength + 1 + 1 >= sizeof(szTmp) )
+    return NULL;
 
   iTmp =0;
   if (nLength > 0 && pszValue[0] != pszWild[0] &&