Thursday, April 04, 2019

Re: update wget 1.20.2 (security fix and new release)

On 2019/04/03 20:45, Nam Nguyen wrote:
>
> This is a new release of wget 1.20.2 (April 1, 2019). I successfully
> downloaded install64.iso as a test. Of note: "Fixed a buffer overflow
> vulnerability." I just wanted to get this new version out first. I will
> look into how to download the corpus of tests to reactivate fuzz tests
> in a future diff.

Thanks, committed. I don't really see much value in adding fuzz tests
to ports if upstream doesn't see a need to include them in the main
distfile - that is more something that upstream developers would use
rather than part of the usual regression test framework.

> Release notes:
> https://lists.gnu.org/archive/html/bug-wget/2019-04/msg00001.html
>
> Details on vulnerability:
> https://lists.gnu.org/archive/html/bug-wget/2019-02/msg00004.html
> https://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=72e936e89c09bcf1a76479258881d91b0a27003f

Those posts relate to the gnulib change which in practice isn't likely
to affect much other than cygwin crosscompiles (and is infinite recursion
not a buffer overflow).

I *think* the buffer overflow refers to this corner-case.

+ * src/http.c (response_head_terminator): Don't access uninitialized data

->

/* p==end-2: check for \n\n directly preceding END. */
- if (p[0] == '\n' && p[1] == '\n')
+ if (peeklen >= 2 && p[0] == '\n' && p[1] == '\n')
return p + 2;
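
Review bot: the comment above the changed condition still reads only "p==end-2: check for \n\n directly preceding END" and does not say why `peeklen >= 2` is now required; it should state that with fewer than two peeked bytes there are not two valid bytes at p, so p[0] and p[1] must not be read. The guard is correctly placed first, so the short-circuit skips both dereferences. These lines do not show how p reaches end-2 or whether the code before this check reads from p under the same bound when peeklen is 0 or 1. That is worth confirming, along with a regression test that feeds a 0-byte and a 1-byte peek.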
