rpms/libsoup
6
0
Fork 0
Code Issues Pull Requests Releases Activity
c8s
libsoup/CVE-2025-32053.patch
Michael Catanzaro 39ca5aa4ee
Backport patches for various CVEs 
Resolves: RHEL-85887
  Resolves: RHEL-85900
  Resolves: RHEL-85901
  Resolves: RHEL-87039
  Resolves: RHEL-87094
  Resolves: RHEL-87114
  Resolves: RHEL-88348
  Resolves: RHEL-88351
2025-05-01 09:57:00 -05:00

36 lines
1013 B
Diff
Raw Permalink Blame History

From 8e1793e2ddd8c2648b9a28f06bf21fd13bd12b39 Mon Sep 17 00:00:00 2001
From: Ar Jun <pkillarjun@protonmail.com>
Date: Mon, 18 Nov 2024 14:59:51 -0600
Subject: [PATCH] Fix heap buffer overflow in
soup-content-sniffer.c:sniff_feed_or_html()
---
libsoup/soup-content-sniffer.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libsoup/soup-content-sniffer.c b/libsoup/soup-content-sniffer.c
index 26c65bbd..698d05e4 100644
--- a/libsoup/soup-content-sniffer.c
+++ b/libsoup/soup-content-sniffer.c
@@ -620,7 +620,7 @@ skip_insignificant_space (const char *resource, int *pos, int resource_length)
(resource[*pos] == '\x0D')) {
*pos = *pos + 1;
- if (*pos > resource_length)
+ if (*pos >= resource_length)
return TRUE;
}
@@ -682,7 +682,7 @@ sniff_feed_or_html (SoupContentSniffer *sniffer, SoupBuffer *buffer)
do {
pos++;
- if (pos > resource_length)
+ if ((pos + 1) > resource_length)
goto text_html;
} while (resource[pos] != '>');
--
2.49.0
Reference in New Issue View Git Blame Copy Permalink