Package: pure-ftpd / 1.0.49-4.1

CVE-2020-9365.diff Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
commit bf6fcd4935e95128cf22af5924cdc8fe5c0579da
Author: Frank Denis <github@pureftpd.org>
Date:   Mon Feb 24 15:19:43 2020 +0100

    pure_strcmp(): len(s2) can be > len(s1)
    
    Reported by Antonio Morales from GitHub Security Labs, thanks!

diff --git a/src/utils.c b/src/utils.c
index f41492d..5e88104 100644
--- a/src/utils.c
+++ b/src/utils.c
@@ -45,5 +45,9 @@ int pure_memcmp(const void * const b1_, const void * const b2_, size_t len)
 
 int pure_strcmp(const char * const s1, const char * const s2)
 {
-    return pure_memcmp(s1, s2, strlen(s1) + 1U);
+    const size_t s1_len = strlen(s1);
+    const size_t s2_len = strlen(s2);
+    const size_t len = (s1_len < s2_len) ? s1_len : s2_len;
+
+    return pure_memcmp(s1, s2, len + 1);
 }