Fix CVE-2018-20430: https://gnunet.org/bugs/view.php?id=5493 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20430 https://security-tracker.debian.org/tracker/CVE-2018-20430 Patch copied from upstream source repository: https://gnunet.org/git/libextractor.git/commit/?id=b405d707b36e0654900cba78e89f49779efea110
From b405d707b36e0654900cba78e89f49779efea110 Mon Sep 17 00:00:00 2001
From: Christian Grothoff
Date: Thu, 20 Dec 2018 22:47:53 +0100
Subject: [PATCH] fix #5493 (out of bounds read)
---
 src/common/convert.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/common/convert.c b/src/common/convert.c
index c0edf21..2be2108 100644
--- a/src/common/convert.c
+++ b/src/common/convert.c
@@ -36,8 +36,8 @@
 * string is returned.
 */
 char *
-EXTRACTOR_common_convert_to_utf8 (const char *input,
- size_t len,
+EXTRACTOR_common_convert_to_utf8 (const char *input,
+ size_t len,
 const char *charset)
 {
 #if HAVE_ICONV
@@ -52,7 +52,7 @@ EXTRACTOR_common_convert_to_utf8 (const char *input,
 i = input;
 cd = iconv_open ("UTF-8", charset);
 if (cd == (iconv_t) - 1)
- return strdup (i);
+ return strndup (i, len);
 if (len > 1024 * 1024)
 {
 iconv_close (cd);
@@ -67,11 +67,11 @@ EXTRACTOR_common_convert_to_utf8 (const char *input,
 }
 itmp = tmp;
 finSize = tmpSize;
- if (iconv (cd, (char **) &input, &len, &itmp, &finSize) == SIZE_MAX)
+ if (iconv (cd, (char **) &input, &len, &itmp, &finSize) == ((size_t) -1))
 {
 iconv_close (cd);
 free (tmp);
- return strdup (i);
+ return strndup (i, len);
 }
 ret = malloc (tmpSize - finSize + 1);
 if (ret == NULL)
-- 
2.20.1
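Review bot: The changed return after `iconv_open` in the second hunk carries no comment saying why a bounded copy is required, which makes it easy to regress to `strdup` in a later cleanup. A one-line comment such as `/* input need not be NUL-terminated; never read past len */` above `return strndup (i, len);` would record the reason. The function's header comment, only partly visible in the first hunk, could state the same contract for callers and note that the result may be NULL when the allocation fails. The function body starts before and continues after this hunk.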
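Review bot: In the third hunk the fallback `return strndup (i, len);` runs after `iconv()` has been passed `&len`, and iconv() reduces that count by the bytes it consumed, so on a conversion error the copy starts at the original pointer `i` but covers only as many bytes as were left unconverted. That stays inside the buffer, but the caller gets a truncated prefix of the input rather than the whole of it. Saving the length before the call, e.g. `const size_t ilen = len;` next to `i = input;`, and returning `strndup (i, ilen);` here would make this fallback match the one in the second hunk. The function's declarations lie outside the hunks shown, so the new local would have to be added there.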