Skip to content
Permalink
Browse files

Fix urldecode buffer overrun.

Reported by:	Duncan Overbruck
Security:	CVE-2020-7450
  • Loading branch information
gordon gordon
gordon authored and gordon committed Jan 28, 2020
1 parent 9289906 commit 17d91d18a86cd61b7e847c56d8f66818a673c7ba
Showing with 8 additions and 2 deletions.
  1. +8 −2 lib/libfetch/fetch.c
@@ -332,6 +332,8 @@ fetch_pctdecode(char *dst, const char *src, size_t dlen)
}
if (dlen-- > 0)
*dst++ = c;
else
return (NULL);
}
return (s);
}
@@ -381,11 +383,15 @@ fetchParseURL(const char *URL)
if (p && *p == '@') {
/* username */
q = fetch_pctdecode(u->user, URL, URL_USERLEN);
if (q == NULL)
goto ouch;

/* password */
if (*q == ':')
if (*q == ':') {
q = fetch_pctdecode(u->pwd, q + 1, URL_PWDLEN);

if (q == NULL)
goto ouch;
}
p++;
} else {
p = URL;

0 comments on commit 17d91d1

Please sign in to comment.
You can’t perform that action at this time.