blob: f7deb978413c568a2d3ea820b3bbe32a7f08a84f (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
# HG changeset patch
# User Matt Mackall <mpm@selenic.com>
# Date 1458174626 25200
# Node ID b9714d958e89cd6ff1da46b46f39076c03325ac7
# Parent b6ed2505d6cf1d73f7f5c62e7369c4ce65cd3732
parsers: detect short records (SEC)
CVE-2016-3630 (2/2)
This addresses part of a vulnerability in binary delta application.
diff -r b6ed2505d6cf -r b9714d958e89 mercurial/mpatch.c
--- a/mercurial/mpatch.c Wed Mar 16 17:29:29 2016 -0700
+++ b/mercurial/mpatch.c Wed Mar 16 17:30:26 2016 -0700
@@ -215,10 +215,10 @@
lt->start = getbe32(bin + pos);
lt->end = getbe32(bin + pos + 4);
lt->len = getbe32(bin + pos + 8);
- if (lt->start > lt->end)
- break; /* sanity check */
lt->data = bin + pos + 12;
pos += 12 + lt->len;
+ if (lt->start > lt->end || lt->len < 0)
+ break; /* sanity check */
lt++;
}
|
