Fix segfault when calling strchr in http.c (#1511562)

Signed-off-by: Tomas Hozza <thozza@redhat.com>
2017-12-08 17:09:00 +01:00 · 2017-12-08 17:09:00 +01:00 · 0646b68da4
commit 0646b68da4
parent 1d92875e38
2 changed files with 53 additions and 1 deletions
--- a/wget-1.19.2-fix-segfault-in-http-c.patch
+++ b/wget-1.19.2-fix-segfault-in-http-c.patch
@ -0,0 +1,46 @@
+diff --git a/src/http.c b/src/http.c
+index dc31823..47de828 100644
+--- a/src/http.c
+++ b/src/http.c
+@@ -3712,22 +3712,30 @@ gethttp (const struct url *u, struct url *original_url, struct http_stat *hs,
+                && opt.compression != compression_none)
+         {
+           /* Make sure the Content-Type is not gzip before decompressing */
+-          const char * p = strchr (type, '/');
+-          if (p == NULL)
+-            {
+-              hs->remote_encoding = ENC_GZIP;
+-              hs->local_encoding = ENC_NONE;
+-            }
+-          else
+          if (type)
+             {
+-              p++;
+-              if (c_tolower(p[0]) == 'x' && p[1] == '-')
+-                p += 2;
+-              if (0 != c_strcasecmp (p, "gzip"))
+              const char * p = strchr (type, '/');
+              if (p == NULL)
+                 {
+                   hs->remote_encoding = ENC_GZIP;
+                   hs->local_encoding = ENC_NONE;
+                 }
+              else
+                {
+                  p++;
+                  if (c_tolower(p[0]) == 'x' && p[1] == '-')
+                    p += 2;
+                  if (0 != c_strcasecmp (p, "gzip"))
+                    {
+                      hs->remote_encoding = ENC_GZIP;
+                      hs->local_encoding = ENC_NONE;
+                    }
+                }
+            }
+          else
+            {
+               hs->remote_encoding = ENC_GZIP;
+               hs->local_encoding = ENC_NONE;
+             }
+         }
+ #endif
--- a/wget.spec
+++ b/wget.spec
@ -1,13 +1,15 @@
 Summary: A utility for retrieving files using the HTTP or FTP protocols
 Name: wget
 Version: 1.19.2
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPLv3+
 Group: Applications/Internet
 Url: http://www.gnu.org/software/wget/
 Source: ftp://ftp.gnu.org/gnu/wget/wget-%{version}.tar.gz

 Patch1: wget-1.17-path.patch
+# http://git.savannah.gnu.org/cgit/wget.git/commit/?id=973c26ed7d51052a7b6e120ed1b84e47266667e1
+Patch2: wget-1.19.2-fix-segfault-in-http-c.patch

 Provides: webclient
 Provides: bundled(gnulib) 
@ -35,6 +37,7 @@ sed -i "s|\(PACKAGE_STRING='wget .*\)'|\1 (Red Hat modified)'|" configure
 grep "PACKAGE_STRING='wget .* (Red Hat modified)'" configure || exit 1

 %patch1 -p1 -b .path
+%patch2 -p1 -b .http_segfault

 %build
 %configure \
@ -81,6 +84,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_infodir}/*

 %changelog
+* Fri Dec 08 2017 Tomas Hozza <thozza@redhat.com> - 1.19.2-2
+- Fix segfault when calling strchr in http.c (#1511562)
+
 * Fri Oct 27 2017 Tomas Hozza <thozza@redhat.com> - 1.19.2-1
 - Update to latest upstream version due to CVE-2017-13089 CVE-2017-13090