On 2017-10-01, Jeremie Courreges-Anglas <jca@wxcvbn.org> wrote:
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ devel/libidn/patches/patch-lib_punycode_c 1 Oct 2017 22:06:28 -0000
> @@ -0,0 +1,27 @@
> +$OpenBSD$
> +
> +commit e9e81b8063b095b02cf104bb992fa9bf9515b9d8
> +Author: Tim Rühsen <tim.ruehsen@gmx.de>
> +Date: Fri Sep 1 10:04:48 2017 +0200
> +
> + lib/punycode.c (decode_digit): Fix integer overflow
> +
> + This fix is a backport from libidn2 and addresses
> + CVE-2017-14062.
> +
> +Index: lib/punycode.c
> +--- lib/punycode.c.orig
> ++++ lib/punycode.c
> +@@ -88,10 +88,10 @@ enum
> + /* point (for use in representing integers) in the range 0 to */
> + /* base-1, or base if cp does not represent a value. */
> +
> +-static punycode_uint
> ++static unsigned
> + decode_digit (punycode_uint cp)
> + {
> +- return cp - 48 < 10 ? cp - 22 : cp - 65 < 26 ? cp - 65 :
> ++ return (unsigned) cp - 48 < 10 ? cp - 22 : cp - 65 < 26 ? cp - 65 :
> + cp - 97 < 26 ? cp - 97 : base;
> + }
> +
This is twice wrong. It's different from the actual change in the
referenced commit, and both are different from the libidn2 change.
--
Christian "naddy" Weisgerber naddy@mips.inka.de
No comments:
Post a Comment