40 lines
1.1 KiB
Diff
40 lines
1.1 KiB
Diff
From 8596101d21a9bdc85388486ec9c431c114a443e3 Mon Sep 17 00:00:00 2001
|
|
From: Zane van Iperen <zane@zanevaniperen.com>
|
|
Date: Wed, 16 Feb 2022 00:57:17 +1000
|
|
Subject: [PATCH 1/4] libuuid: fix buffer overrun in uuid_parse_range()
|
|
|
|
It attempts to access in_start[36], despite 35 being the maximum
|
|
allowed index.
|
|
|
|
Reported-by: Pierre-Anthony Lemieux <pal@palemieux.com>
|
|
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
|
|
---
|
|
libuuid/src/parse.c | 6 ++----
|
|
1 file changed, 2 insertions(+), 4 deletions(-)
|
|
|
|
diff --git a/libuuid/src/parse.c b/libuuid/src/parse.c
|
|
index d0c69b0e6..c3e228112 100644
|
|
--- a/libuuid/src/parse.c
|
|
+++ b/libuuid/src/parse.c
|
|
@@ -58,16 +58,14 @@ int uuid_parse_range(const char *in_start, const char *in_end, uuid_t uu)
|
|
|
|
if ((in_end - in_start) != 36)
|
|
return -1;
|
|
- for (i=0, cp = in_start; i <= 36; i++,cp++) {
|
|
+ for (i=0, cp = in_start; i < 36; i++,cp++) {
|
|
if ((i == 8) || (i == 13) || (i == 18) ||
|
|
(i == 23)) {
|
|
if (*cp == '-')
|
|
continue;
|
|
return -1;
|
|
}
|
|
- if (i== 36)
|
|
- if (*cp == 0)
|
|
- continue;
|
|
+
|
|
if (!isxdigit(*cp))
|
|
return -1;
|
|
}
|
|
--
|
|
2.37.1
|
|
|