[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: CVE-2019-14866

Hi Ola,

> Hi Sergey
> I can see that the fix is quite different from the one Thomas proposed. Do
> I understand correctly that this fix go around the problem in a different
> way?

Not quite so.  It takes basically the same approach as the fix Thomas
proposed, but also removes unnecessary code duplication and ensures
informative error diagnostics.

> I do not see any explicit value > 0 check.

See the return from the to_ascii function.

> it looks like the fix allows larger file sizes

No, of course all size limits remain the same,


Reply to: