1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
|
# HG changeset patch
# User Adam Lackorzynski <adam@os.inf.tu-dresden.de>
# Date 1492510834 -7200
# Node ID c33d24938f3ed3dc2b7d328fe255794468a814eb
# Parent c72edf0e43bca463239ea15594d128ecbc0d2574
Fix CVE-2017-7467, a remote exploitalbe out of bound access
This fixes an out of bounds data access that can lead to a
remotely exploitable code execution.
This issue was found by Solar Designer of Openwall during a
security audit of the Virtuozzo 7 product, which contains
derived downstream code in its prl-vzvncserver component.
The corresponding Virtuozzo 7 fix is:
https://src.openvz.org/projects/OVZ/repos/prl-vzvncserver/commits/6d95404e75b98f36b1cc85ee23df99dcf06ca13f
Openwall would like to thank the Virtuozzo company for
funding the effort.
diff -r c72edf0e43bc -r c33d24938f3e src/vt100.c
--- a/src/vt100.c Sat Sep 17 02:17:37 2016 +0200
+++ b/src/vt100.c Tue Apr 18 12:20:34 2017 +0200
@@ -428,7 +428,7 @@
}
/* Separation between numbers ? */
if (c == ';') {
- if (ptr < 15)
+ if (ptr < (int)ARRAY_SIZE(escparms) - 1)
ptr++;
return;
}
|
