sys-file-reader: Fix integer overflows in parse_long_string_missing_values().
author Ben Pfaff <blp@cs.stanford.edu>
Tue, 4 Jul 2017 16:58:55 +0000 (12:58 -0400)
committer Ben Pfaff <blp@cs.stanford.edu>
Tue, 4 Jul 2017 16:58:55 +0000 (12:58 -0400)
commit 41c6f5447941e5d36d0554ba874671649353752f
tree f441dac78fdfe5171cd0136f35dbfa99f411d8cc
parent bf03b53a3c0f0d1066062f37919015a8fa6ad436
sys-file-reader: Fix integer overflows in parse_long_string_missing_values().

Crafted system files caused integer overflow errors that in turn caused
aborts.  This fixes the problem.

CVE-2017-10791.
See also https://bugzilla.redhat.com/show_bug.cgi?id=1467004.
See also https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866890.
See also https://security-tracker.debian.org/tracker/CVE-2017-10791.
Found by team OWL337, using the collAFL fuzzer.
src/data/sys-file-reader.c