e00379361e
- Fixed: [CVE-2021-46141] Fix a bug affecting both uriNormalizeSyntax* and uriMakeOwner* functions where the text range in .hostText would not be duped using malloc but remain unchanged (and hence "not owned") for URIs with an IPv4 or IPv6 address hostname; depending on how an application uses uriparser, this could lead the application into a use-after-free situation. As the second half, fix uriFreeUriMembers* functions that would not free .hostText memory for URIs with an IPv4 or IPv6 address host; also, calling uriFreeUriMembers* multiple times on a URI of this very nature would result in trying to free pointers to stack (rather than heap) memory. - Fixed: [CVE-2021-46142] Fix functions uriNormalizeSyntax* for out-of-memory situations (i.e. malloc returning NULL) for URIs containing empty segments (any of user info, host text, query, or fragment) where previously pointers to stack (rather than heap) memory were freed. https://github.com/uriparser/uriparser/blob/uriparser-0.9.6/ChangeLog Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 lines
200 B
Plaintext
4 lines
200 B
Plaintext
# Locally calculated
|
|
sha256 a288a06668528c19e85e38c508335938e1de6fdd4b8f2072401b4533fcebf644 uriparser-0.9.6.tar.xz
|
|
sha256 287f09e6546a9610f949f89e8fb937cacfeabd7bfaa8c8a0c18312193bf04ad3 COPYING
|