Blame SOURCES/wget-1.14-CVE-2017-13090.patch
|
 |
226bdc |
@@ -, +, @@
|
|
|
226bdc |
(CVE-2017-13090)
|
|
|
226bdc |
---
|
|
|
226bdc |
src/retr.c | 6 ++++++
|
|
|
226bdc |
1 file changed, 6 insertions(+)
|
|
|
226bdc |
--- a/src/retr.c
|
|
|
226bdc |
+++ a/src/retr.c
|
|
|
226bdc |
@@ -378,6 +378,12 @@ fd_read_body (const char *downloaded_filename, int fd, FILE *out, wgint toread,
|
|
|
226bdc |
remaining_chunk_size = strtol (line, &endl, 16);
|
|
|
226bdc |
xfree (line);
|
|
|
226bdc |
|
|
|
226bdc |
+ if (remaining_chunk_size < 0)
|
|
|
226bdc |
+ {
|
|
|
226bdc |
+ ret = -1;
|
|
|
226bdc |
+ break;
|
|
|
226bdc |
+ }
|
|
|
226bdc |
+
|
|
|
226bdc |
if (remaining_chunk_size == 0)
|
|
|
226bdc |
{
|
|
|
226bdc |
ret = 0;
|
|
|
226bdc |
--
|