49cb795f79
Add upstream patch fixing CVE-2017-14062: Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact. This issue also affects libidn. Unfortunately, the patch also triggers reconf of the documentation subdirectory, since lib/punycode.c is listed in GDOC_SRC that is defined in doc/Makefile.am. Add autoreconf to handle that. Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
37 lines
1.0 KiB
Diff
37 lines
1.0 KiB
Diff
From e9e81b8063b095b02cf104bb992fa9bf9515b9d8 Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de>
|
|
Date: Fri, 1 Sep 2017 10:04:48 +0200
|
|
Subject: [PATCH] lib/punycode.c (decode_digit): Fix integer overflow
|
|
|
|
This fix is a backport from libidn2 and addresses
|
|
CVE-2017-14062.
|
|
|
|
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
|
|
---
|
|
Upstream status: commit e9e81b8063b095
|
|
|
|
lib/punycode.c | 6 +++---
|
|
1 file changed, 3 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/lib/punycode.c b/lib/punycode.c
|
|
index 86819a7deb85..49250a13e2cc 100644
|
|
--- a/lib/punycode.c
|
|
+++ b/lib/punycode.c
|
|
@@ -88,10 +88,10 @@ enum
|
|
/* point (for use in representing integers) in the range 0 to */
|
|
/* base-1, or base if cp does not represent a value. */
|
|
|
|
-static punycode_uint
|
|
-decode_digit (punycode_uint cp)
|
|
+static unsigned
|
|
+decode_digit (int cp)
|
|
{
|
|
- return cp - 48 < 10 ? cp - 22 : cp - 65 < 26 ? cp - 65 :
|
|
+ return (unsigned) cp - 48 < 10 ? cp - 22 : cp - 65 < 26 ? cp - 65 :
|
|
cp - 97 < 26 ? cp - 97 : base;
|
|
}
|
|
|
|
--
|
|
2.14.1
|
|
|