Home Explore Help
Register Sign In
wareck
/
openwrt_lede
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 488fc98adf
Branches Tags
openwrt_lede
/
package
/
network
/
utils
/
curl
/
patches
/
107-CVE-2017-1000257.patch

107-CVE-2017-1000257.patch 902 B
History Raw

12345678910111213141516171819202122232425262728 
  1. From 13c9a9ded3ae744a1e11cbc14e9146d9fa427040 Mon Sep 17 00:00:00 2001
    2. 

  2. From: Daniel Stenberg <daniel@haxx.se>
    3. 

  3. Date: Sat, 7 Oct 2017 00:11:31 +0200
    4. 

  4. Subject: [PATCH] imap: if a FETCH response has no size, don't call write
    5. 

  5.  callback
    6. 

  6. 

  7. CVE-2017-1000257
    8. 

  8. 

  9. Reported-by: Brian Carpenter and 0xd34db347
    10. 

  10. Also detected by OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3586
    11. 

  11. ---
    12. 

  12.  lib/imap.c | 5 +++++
    13. 

  13.  1 file changed, 5 insertions(+)
    14. 

  14. 

  15. --- a/lib/imap.c
    16. 

  16. +++ b/lib/imap.c
    17. 

  17. @@ -1140,6 +1140,11 @@ static CURLcode imap_state_fetch_resp(st
    18. 

  18.          /* The conversion from curl_off_t to size_t is always fine here */
    19. 

  19.          chunk = (size_t)size;
    20. 

  20.  
    21. 

  21. +      if(!chunk) {
    22. 

  22. +        /* no size, we're done with the data */
    23. 

  23. +        state(conn, IMAP_STOP);
    24. 

  24. +        return CURLE_OK;
    25. 

  25. +      }
    26. 

  26.        result = Curl_client_write(conn, CLIENTWRITE_BODY, pp->cache, chunk);
    27. 

  27.        if(result)
    28. 

  28.          return result;
    29.