From c5343f18744d0f6fddcc590f9a54c23674d8c489 Mon Sep 17 00:00:00 2001 From: Martin Michlmayr Date: Sat, 26 Jan 2019 13:02:25 -0300 Subject: Fix possible stack overflow in option parsing routine It is possible to create a stack overflow by giving an option that is longer than the buffer that is used during option parsing because the length of the input string is not checked. Prevent the issue by always checking the input string length and discarding options that does not fit in the buffer as invalid. This issue has been assigned CVE-2017-12481. Thanks to Gwan Yeong Kim for reporting this issue. Fixes #1222 --- test/regress/1222.test | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 test/regress/1222.test (limited to 'test') diff --git a/test/regress/1222.test b/test/regress/1222.test new file mode 100644 index 00000000..535a0e32 --- /dev/null +++ b/test/regress/1222.test @@ -0,0 +1,7 @@ +--fooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo + +test reg -> 1 +__ERROR__ +While parsing file "$FILE", line 1: +Error: Illegal option --fooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo +end test -- cgit v1.2.3