1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
|
From: Dave Beckett <dave@dajobe.org>
Date: Fri, 7 Feb 2025 11:38:34 -0800
Subject: Fix Github issue 70 B) Heap read buffer overflow in ntriples bnode
Origin: https://github.com/dajobe/raptor/commit/ece2c79df43091686a538b8231cf387d84bfa60e
Bug: https://github.com/dajobe/raptor/issues/70
Bug-Debian: https://bugs.debian.org/1067896
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2024-57822
(raptor_ntriples_parse_term_internal): Only allow looking at the last
character of a bnode ID only if bnode length >0
---
src/raptor_ntriples.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/raptor_ntriples.c b/src/raptor_ntriples.c
index 3276e790f201..ecc4247c2874 100644
--- a/src/raptor_ntriples.c
+++ b/src/raptor_ntriples.c
@@ -212,7 +212,7 @@ raptor_ntriples_parse_term_internal(raptor_world* world,
locator->column--;
locator->byte--;
}
- if(term_class == RAPTOR_TERM_CLASS_BNODEID && dest[-1] == '.') {
+ if(term_class == RAPTOR_TERM_CLASS_BNODEID && position > 0 && dest[-1] == '.') {
/* If bnode id ended on '.' move back one */
dest--;
--
2.49.0
|
