void-packages/srcpkgs/libidn/patches/CVE-2017-14062.patch

32 lines
933 B
Diff

From e9e81b8063b095b02cf104bb992fa9bf9515b9d8 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de>
Date: Fri, 1 Sep 2017 10:04:48 +0200
Subject: [PATCH] lib/punycode.c (decode_digit): Fix integer overflow
This fix is a backport from libidn2 and addresses
CVE-2017-14062.
---
lib/punycode.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lib/punycode.c b/lib/punycode.c
index 86819a7..49250a1 100644
--- lib/punycode.c
+++ lib/punycode.c
@@ -88,10 +88,10 @@ enum
/* point (for use in representing integers) in the range 0 to */
/* base-1, or base if cp does not represent a value. */
-static punycode_uint
-decode_digit (punycode_uint cp)
+static unsigned
+decode_digit (int cp)
{
- return cp - 48 < 10 ? cp - 22 : cp - 65 < 26 ? cp - 65 :
+ return (unsigned) cp - 48 < 10 ? cp - 22 : cp - 65 < 26 ? cp - 65 :
cp - 97 < 26 ? cp - 97 : base;
}
--
1.9.1