parent
864e18c0c8
commit
cacdacb017
@ -0,0 +1,27 @@
|
||||
From 9f331a945071365ccc0cfba24241c4af6919af30 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Mensik <pemensik@redhat.com>
|
||||
Date: Mon, 15 Feb 2021 12:18:14 +0100
|
||||
Subject: [PATCH] CVE-2020-8625
|
||||
|
||||
5562. [security] Fix off-by-one bug in ISC SPNEGO implementation.
|
||||
(CVE-2020-8625) [GL #2354]
|
||||
---
|
||||
lib/dns/spnego.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/lib/dns/spnego.c b/lib/dns/spnego.c
|
||||
index dea108b..13cf15d 100644
|
||||
--- a/lib/dns/spnego.c
|
||||
+++ b/lib/dns/spnego.c
|
||||
@@ -877,7 +877,7 @@ der_get_oid(const unsigned char *p, size_t len, oid *data, size_t *size) {
|
||||
return (ASN1_OVERRUN);
|
||||
}
|
||||
|
||||
- data->components = malloc(len * sizeof(*data->components));
|
||||
+ data->components = malloc((len + 1) * sizeof(*data->components));
|
||||
if (data->components == NULL) {
|
||||
return (ENOMEM);
|
||||
}
|
||||
--
|
||||
2.26.2
|
||||
|
Loading…
Reference in New Issue