mercurial: CVE-2016-3630

backported the following patches from mercurial 3.7.3:

https://selenic.com/repo/hg/rev/b6ed2505d6cf
https://selenic.com/repo/hg/rev/b9714d958e89
cinap_lenrek 2016-04-03 04:04:56 +02:00
parent 0237b58390
commit cd9cddf3dd
2 changed files with 4 additions and 4 deletions


@ -239,7 +239,7 @@ static struct flist *decode(const char *bin, int len)
char decode[12]; /* for dealing with alignment issues */
/* assume worst case size, we won't have many of these lists */
l = lalloc(len / 12);
l = lalloc(len / 12 + 1);
if (!l)
return NULL;
@ -250,7 +250,7 @@ static struct flist *decode(const char *bin, int len)
lt->start = ntohl(*(uint32_t *)decode);
lt->end = ntohl(*(uint32_t *)(decode + 4));
lt->len = ntohl(*(uint32_t *)(decode + 8));
if (lt->start > lt->end)
if (lt->start > lt->end || lt->len < 0)
break; /* sanity check */
bin = data + lt->len;
if (bin < data)
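Review bot: The guard `if (bin < data)` after `bin = data + lt->len;` relies on pointer arithmetic wrapping, which is undefined behaviour in C, so an optimizing compiler may drop the test; now that `lt->len < 0` is rejected, wrap-around is the only case it could still catch. A length check made before the addition is more robust, e.g. `if (lt->len > remaining) break;`, where `remaining` is a placeholder for the bytes left after `data` (the variable tracking the end of the buffer is outside the hunk). The new `lt->len < 0` test suggests the fields are signed, in which case a negative `lt->start` still passes `lt->start > lt->end`; adding `lt->start < 0` to the sanity check would close that, if the declarations confirm the type. The second file section on this page carries the identical hunk and the same applies there. decode()'s body begins and ends outside the hunk.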


@ -239,7 +239,7 @@ static struct flist *decode(const char *bin, int len)
char decode[12]; /* for dealing with alignment issues */
/* assume worst case size, we won't have many of these lists */
l = lalloc(len / 12);
l = lalloc(len / 12 + 1);
if (!l)
return NULL;
@ -250,7 +250,7 @@ static struct flist *decode(const char *bin, int len)
lt->start = ntohl(*(uint32_t *)decode);
lt->end = ntohl(*(uint32_t *)(decode + 4));
lt->len = ntohl(*(uint32_t *)(decode + 8));
if (lt->start > lt->end)
if (lt->start > lt->end || lt->len < 0)
break; /* sanity check */
bin = data + lt->len;
if (bin < data)
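Review bot: The comment above `l = lalloc(len / 12 + 1);` still only says "assume worst case size" and does not explain the extra slot, so a later reader cannot tell whether the `+ 1` is load-bearing. I would extend it to something like `/* worst case: one 12-byte header per fragment; +1 because len / 12 rounds down */`, assuming rounding is indeed the reason. `len` is a plain `int` in the visible signature, and nothing in the hunk shows a negative value being rejected before the division, which is worth confirming in the callers. The first file section on this page has the same hunk.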