Bug#885617: stretch-pu: package libextractor/1:1.3-4
Control: tag -1 moreinfo
On Thu, Dec 28, 2017 at 17:11:02 +0100, Bertrand Marc wrote:
> diff -Nru libextractor-1.3/debian/patches/CVE-2017-15600.patch libextractor-1.3/debian/patches/CVE-2017-15600.patch
> --- libextractor-1.3/debian/patches/CVE-2017-15600.patch 1970-01-01 01:00:00.000000000 +0100
> +++ libextractor-1.3/debian/patches/CVE-2017-15600.patch 2017-12-28 11:39:33.000000000 +0100
> @@ -0,0 +1,29 @@
> +From: Bertrand Marc <bmarc@debian.org>, Markus Koschany <apo@debian.org>
> +Subject: CVE-2017-15600
> +
> +Bug-Upstream: http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00004.html
> +Origin: https://gnunet.org/git/libextractor.git/commit/?id=38e8933539ee9d044057b18a971c2eae3c21aba7
> +--- a/src/plugins/nsf_extractor.c
> ++++ b/src/plugins/nsf_extractor.c
> +@@ -152,13 +152,17 @@
> + char nsfversion[32];
> + const struct header *head;
> + void *data;
> ++ ssize_t ds;
> +
> +- if (sizeof (struct header) >
> +- ec->read (ec->cls,
> +- &data,
> +- sizeof (struct header)))
> ++ ds = ec->read (ec->cls,
> ++ &data,
> ++ sizeof (struct header));
> ++ if ( (-1 == ds) ||
> ++ (sizeof (struct header) > ds) )
> + return;
> + head = data;
> ++ if (NULL == head)
> ++ return 0;
> +
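Review bot: In the new check `(sizeof (struct header) > ds)`, `ds` is an `ssize_t` compared against a `size_t`, so on the usual platforms it is converted to unsigned, and any negative value other than -1 compares as very large and passes the test. Testing `ds < 0` first, or comparing `ds < (ssize_t) sizeof (struct header)`, would reject every negative return rather than only `-1 == ds`. The added `return 0;` under `if (NULL == head)` also disagrees with the plain `return;` a few lines above it in the same function, so the new statement should be written to match the existing one.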
Curious how that works. 3 lines above is plain "return", and here
"return 0". What's the type of that function and how did the compiler
not flag this?
Cheers,
Julien