source-git / systemd

Clone
Source Code
GIT

8aacfd core: when deserializing state always use read_line(…, LONG_LINE_MAX, …)

4 files Authored by Lennart Poettering 4 years ago, Committed by Packit Service 4 years ago,
raw patch tree parent
4 files changed. 50 lines added. 52 lines removed.
src/core/job.c
file modified
+11 -8
src/core/manager.c
file modified
+20 -27
src/core/unit.c
file modified
+18 -16
src/core/unit.h
file modified
+1 -1 
    core: when deserializing state always use read_line(…, LONG_LINE_MAX, …)
    
    This should be much better than fgets(), as we can read substantially
    longer lines and overly long lines result in proper errors.
    
    Fixes a vulnerability discovered by Jann Horn at Google.
    
    CVE-2018-15686
    LP: #1796402
    https://bugzilla.redhat.com/show_bug.cgi?id=1639071
    
    (cherry picked from commit 8948b3415d762245ebf5e19d80b97d4d8cc208c1)
    
    Resolves: CVE-2018-15686
    
    patch_name: 0061-core-when-deserializing-state-always-use-read_line-L.patch
    present_in_specfile: true
    location_in_specfile: 61
    squash_commits: true
file modified
+11 -8
file modified
+20 -27
file modified
+18 -16
file modified
+1 -1

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation