From a51f2d7593706eb38073b80df6192c6730f36c60 Mon Sep 17 00:00:00 2001 From: Natanael Copa Date: Fri, 11 Aug 2017 08:59:36 +0000 Subject: main/curl: security upgrade to 7.55.0 CVE-2017-1000099 CVE-2017-1000100 CVE-2017-1000101 fixes #7657 --- ...do-bounds-check-using-a-double-comparison.patch | 32 ++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 main/curl/curl-do-bounds-check-using-a-double-comparison.patch (limited to 'main/curl/curl-do-bounds-check-using-a-double-comparison.patch') diff --git a/main/curl/curl-do-bounds-check-using-a-double-comparison.patch b/main/curl/curl-do-bounds-check-using-a-double-comparison.patch new file mode 100644 index 0000000000..34e2b6c717 --- /dev/null +++ b/main/curl/curl-do-bounds-check-using-a-double-comparison.patch @@ -0,0 +1,32 @@ +From 45a560390c4356bcb81d933bbbb229c8ea2acb63 Mon Sep 17 00:00:00 2001 +From: Adam Sampson +Date: Wed, 9 Aug 2017 14:11:17 +0100 +Subject: [PATCH] curl: do bounds check using a double comparison + +The fix for this in 8661a0aacc01492e0436275ff36a21734f2541bb wasn't +complete: if the parsed number in num is larger than will fit in a long, +the conversion is undefined behaviour (causing test1427 to fail for me +on IA32 with GCC 7.1, although it passes on AMD64 and ARMv7). Getting +rid of the cast means the comparison will be done using doubles. + +It might make more sense for the max argument to also be a double... + +Fixes #1750 +Closes #1749 +--- + src/tool_paramhlp.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/tool_paramhlp.c b/src/tool_paramhlp.c +index b9dedc989e..85c5e79a7e 100644 +--- a/src/tool_paramhlp.c ++++ b/src/tool_paramhlp.c +@@ -218,7 +218,7 @@ static ParameterError str2double(double *val, const char *str, long max) + num = strtod(str, &endptr); + if(errno == ERANGE) + return PARAM_NUMBER_TOO_LARGE; +- if((long)num > max) { ++ if(num > max) { + /* too large */ + return PARAM_NUMBER_TOO_LARGE; + } -- cgit v1.2.3