summaryrefslogtreecommitdiff
path: root/test/integration/test-ubuntu-bug-1078697-missing-source-hashes
diff options
context:
space:
mode:
authorJulian Andres Klode <julian.klode@canonical.com>2020-12-05 20:17:56 +0100
committerJulian Andres Klode <julian.klode@canonical.com>2020-12-09 17:30:43 +0100
commit0444f9dd52c2bc7bec315f6f1ecad76a30713fa0 (patch)
tree829adb6ab6b082ed027f3a64c2d489bc6d330a4a /test/integration/test-ubuntu-bug-1078697-missing-source-hashes
parent822db13d68658a1a20df2d19c688c18faa331616 (diff)
CVE-2020-27350: debfile: integer overflow: Limit control size to 64 MiB
Like the code in arfile.cc, MemControlExtract also has buffer overflows, in code allocating memory for parsing control files. Specify an upper limit of 64 MiB for control files to both protect against the Size overflowing (we allocate Size + 2 bytes), and protect a bit against control files consisting only of zeroes.
Diffstat (limited to 'test/integration/test-ubuntu-bug-1078697-missing-source-hashes')
0 files changed, 0 insertions, 0 deletions