File: CVE-2017-2816.patch

Author: Christian Stimming
Description: Fix CVE-2017-2816.
Origin: upstream, https://github.com/libofx/libofx/commit/a70934eea
Bug: https://github.com/libofx/libofx/issues/9
Bug-Debian: https://bugs.debian.org/875801

--- a/lib/ofx_preproc.cpp
+++ b/lib/ofx_preproc.cpp
@@ -417,7 +417,6 @@
 string sanitize_proprietary_tags(string input_string)
 {
   unsigned int i;
-  size_t input_string_size;
   bool strip = false;
   bool tag_open = false;
   int tag_open_idx = 0; //Are we within < > ?
@@ -438,9 +437,17 @@
     close_tagname[i] = 0;
   }
 
-  input_string_size = input_string.size();
+  size_t input_string_size = input_string.size();
 
-  for (i = 0; i < input_string_size; i++)
+  // Minimum workaround to prevent buffer overflow: Stop iterating
+  // once the (fixed!) size of the output buffers is reached. In
+  // response to
+  // https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0317
+  //
+  // However, this code is a huge mess anyway and is in no way
+  // anything like up-to-date C++ code. Please, anyone, replace it
+  // with something more modern. Thanks. - cstim, 2017-09-17.
+  for (i = 0; i < std::min(input_string_size, size_t(READ_BUFFER_SIZE)); i++)
   {
     if (input_string.c_str()[i] == '<')
     {
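Review bot: The new bound on the `for` at `for (i = 0; i < std::min(input_string_size, size_t(READ_BUFFER_SIZE)); i++)` silently drops every byte of input past READ_BUFFER_SIZE, so an oversized (possibly attacker-shaped) OFX file is truncated with no indication to the caller, and a tag opened just before the cut is never closed. Hoisting the limit also makes the truncation observable: `const size_t limit = std::min(input_string_size, size_t(READ_BUFFER_SIZE));` then `if (input_string_size > limit) { /* report: input truncated to READ_BUFFER_SIZE bytes */ }` and `for (i = 0; i < limit; i++)`, with the report routed through whatever diagnostic path this file already uses. Note that this cap only protects buffers indexed by `i`; the `close_tagname[i] = 0;` context above suggests separate fixed-size tag-name arrays exist, and if they are filled with their own counter they still need their own length check — I cannot see those writes from here. `std::min` also needs `<algorithm>` to be included, which this hunk does not show. The body of sanitize_proprietary_tags continues outside the hunk.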
@@ -657,3 +664,4 @@
 }
 
 
+