18 lines
875 B
Diff
18 lines
875 B
Diff
Author: Antonio Diaz-Diaz <antonio@gnu.org>
|
|
Description: zcat.cc: Fixed a buffer overrun on outbuf when '-v' is used [CVE-2018-1000637] (Closes: #902936).
|
|
|
|
diff -Naurp zutils.orig/zcat.cc zutils/zcat.cc
|
|
--- zutils.orig/zcat.cc
|
|
+++ zutils/zcat.cc
|
|
@@ -229,8 +229,9 @@ int cat( int infd, const int format_inde
|
|
enum { buffer_size = 4096 };
|
|
// buffer with space for sentinel newline at the end
|
|
uint8_t * const inbuf = new uint8_t[buffer_size+1];
|
|
- // buffer with space for character quoting and 255-digit line number
|
|
- uint8_t * const outbuf = new uint8_t[(4*buffer_size)+256];
|
|
+ // buffer with space for character quoting, 255-digit line number and
|
|
+ // worst case flushing respect to inbuf.
|
|
+ uint8_t * const outbuf = new uint8_t[(5*buffer_size)+256];
|
|
int retval = 0;
|
|
Children children;
|
|
if( !set_data_feeder( &infd, children, format_index ) ) retval = 1;
|