sys-file-reader: Fully verify multiple response set names.
author Ben Pfaff <blp@cs.stanford.edu>
Sun, 27 Aug 2017 19:30:30 +0000 (12:30 -0700)
committer Ben Pfaff <blp@cs.stanford.edu>
Sun, 27 Aug 2017 19:33:42 +0000 (12:33 -0700)
commit f5e03ec7b8a217ef53ce0c77374cddc0dcd79fae
tree 9a7b48035cfbe704da64556390739756347d2021
parent feba48309a227fe40feb3a87cbe900015021ac73
sys-file-reader: Fully verify multiple response set names.

Until now, the code only checked the first character of the name, which
made it possible to assert-fail when the mrset was actually added.

CVE-2017-12959.
See also https://bugzilla.redhat.com/show_bug.cgi?id=1482432.
See also http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12959.
See also http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12959.
Found by team OWL337, using the collAFL fuzzer.
NEWS
src/data/sys-file-reader.c
tests/data/sys-file-reader.at
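
Added example, not code from this commit or from the project: a minimal C model of the bug class the commit message describes, where a reader validates only the first character of an untrusted name while a later step assumes the whole name is valid. The function names, return codes and the simplified name rule are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Check as the commit message describes the old code: first character only. */
static bool name_ok_first_char_only(const char *name)
{
    return name[0] == '$';
}

/* Full check over every byte. Simplified, assumed rule: '$', then a letter,
   then letters, digits, '_' or '.', at most 64 bytes in total. */
static bool name_ok_full(const char *name)
{
    size_t len = strlen(name);
    if (len < 2 || len > 64 || name[0] != '$' || !isalpha((unsigned char) name[1]))
        return false;
    for (size_t i = 2; i < len; i++) {
        unsigned char c = (unsigned char) name[i];
        if (!isalnum(c) && c != '_' && c != '.')
            return false;
    }
    return true;
}

/* Stand-in for the later "add" step, whose precondition is the full rule.
   Returns false where code guarding that precondition with assert() aborts. */
static bool add_set(const char *name)
{
    return name_ok_full(name);
}

/* Reader front end for an untrusted name: 0 = added, -1 = rejected with an
   error, -2 = passed the reader's check but violates the add precondition. */
static int read_set(const char *name, bool (*check)(const char *))
{
    if (!check(name))
        return -1;
    return add_set(name) ? 0 : -2;
}

int main(void)
{
    const char *bad = "$ab cd";   /* constructed input: valid first byte only */
    printf("first-char check: %d\n", read_set(bad, name_ok_first_char_only));
    printf("full check:       %d\n", read_set(bad, name_ok_full));
    return 0;
}
```

With the partial check the malformed name reaches the add step and trips its precondition; with the full check the reader rejects it as an input error, which is the outcome wanted for data read from a file.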