lib/fetch: fix CVE-2020-7450

https://www.freebsd.org/security/advisories/FreeBSD-SA-20:01.libfetch.asc
Duncan Overbruck 2020-01-28 20:03:56 +01:00
parent 40dd4deb4d
commit 57675c7dfc
GPG Key ID: 335C1D17EC3D6E35


@ -331,6 +331,8 @@ fetch_pctdecode(char *dst, const char *src, size_t dlen)
} }
if (dlen-- > 0) if (dlen-- > 0)
*dst++ = c; *dst++ = c;
else
return (NULL);
} }
return (s); return (s);
} }
@ -481,10 +483,14 @@ find_user:
if (p != NULL && *p == '@') { if (p != NULL && *p == '@') {
/* username */ /* username */
q = fetch_pctdecode(u->user, URL, URL_USERLEN); q = fetch_pctdecode(u->user, URL, URL_USERLEN);
if (q == NULL)
goto ouch;
/* password */ /* password */
if (*q == ':') if (*q == ':') {
q = fetch_pctdecode(u->pwd, q + 1, URL_PWDLEN); q = fetch_pctdecode(u->pwd, q + 1, URL_PWDLEN);
if (q == NULL)
goto ouch;
}
p++; p++;
} else { } else {
p = URL; p = URL;
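Review bot: The `return (NULL)` added to fetch_pctdecode in the first hunk is a new failure mode that nothing at the definition documents, and the guard `if (dlen-- > 0)` still decrements a `dlen` that is already 0, leaving the size_t wrapped on the way out. Above the function I would add `/* Returns NULL if the decoded field does not fit in dlen bytes; callers must check. */`, and write the bound as `if (dlen == 0) return (NULL);` followed by `dlen--; *dst++ = c;`, so that a later edit which drops the early return cannot reintroduce the unbounded write. The function starts outside the hunk, so whether `dst` is NUL-terminated when exactly `dlen` bytes are written cannot be confirmed from here; it presumably depends on how the `URL_USERLEN` and `URL_PWDLEN` buffers are sized and initialised. The `ouch` label is likewise outside the second hunk, so it is worth confirming that this path reports a malformed-URL error to the caller rather than returning with stale error state.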