xref: /OK3568_Linux_fs/yocto/poky/meta/recipes-bsp/lrzsz/lrzsz-0.12.20/cve-2018-10195.patch (revision 4882a59341e53eb6f0b4789bf948001014eff981) 
1*4882a593SmuzhiyunInteger overflow in src/zm.c:zsdata() causes crash in sz and can leak information to receiver.
2*4882a593Smuzhiyun
3*4882a593SmuzhiyunPatch taken from Fedora.
4*4882a593Smuzhiyun
5*4882a593SmuzhiyunCVE: CVE-2018-10195
6*4882a593SmuzhiyunUpstream-Status: Inappropriate (dead upstream)
7*4882a593SmuzhiyunSigned-off-by: Ross Burton <ross.burton@intel.com>
8*4882a593Smuzhiyun
9*4882a593Smuzhiyundiff -urN lrzsz-0.12.20/src/zm.c lrzsz-0.12.20.new/src/zm.c
10*4882a593Smuzhiyun--- lrzsz-0.12.20/src/zm.c	Tue Dec 29 09:48:38 1998
11*4882a593Smuzhiyun+++ lrzsz-0.12.20.new/src/zm.c	Tue Oct  8 12:46:58 2002
12*4882a593Smuzhiyun@@ -431,10 +431,12 @@
13*4882a593Smuzhiyun 	VPRINTF(3,("zsdata: %lu %s", (unsigned long) length,
14*4882a593Smuzhiyun 		Zendnames[(frameend-ZCRCE)&3]));
15*4882a593Smuzhiyun 	crc = 0;
16*4882a593Smuzhiyun-	do {
17*4882a593Smuzhiyun-		zsendline(*buf); crc = updcrc((0377 & *buf), crc);
18*4882a593Smuzhiyun-		buf++;
19*4882a593Smuzhiyun-	} while (--length>0);
20*4882a593Smuzhiyun+
21*4882a593Smuzhiyun+	for( ; length; length--) {
22*4882a593Smuzhiyun+	  zsendline(*buf); crc = updcrc((0377 & *buf), crc);
23*4882a593Smuzhiyun+	  buf++;
24*4882a593Smuzhiyun+	}
25*4882a593Smuzhiyun+
26*4882a593Smuzhiyun 	xsendline(ZDLE); xsendline(frameend);
27*4882a593Smuzhiyun 	crc = updcrc(frameend, crc);
28*4882a593Smuzhiyun