From 4501b5f9f001794ca87849f240d4af149b6f1b15 Mon Sep 17 00:00:00 2001
From: Lars Wendler <polynomial-c@gentoo.org>
Date: Mon, 2 Mar 2020 14:59:31 +0100
Subject: net-ftp/pure-ftpd: Security revbump for CVE-2020-9365

Bug: https://bugs.gentoo.org/711124
Package-Manager: Portage-2.3.91, Repoman-2.3.20
Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
---
 .../pure-ftpd-1.0.49-pure_strcmp_OOB_read.patch    | 27 ++++++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 net-ftp/pure-ftpd/files/pure-ftpd-1.0.49-pure_strcmp_OOB_read.patch

(limited to 'net-ftp/pure-ftpd/files/pure-ftpd-1.0.49-pure_strcmp_OOB_read.patch')

diff --git a/net-ftp/pure-ftpd/files/pure-ftpd-1.0.49-pure_strcmp_OOB_read.patch b/net-ftp/pure-ftpd/files/pure-ftpd-1.0.49-pure_strcmp_OOB_read.patch
new file mode 100644
index 000000000000..4ed197e46d35
--- /dev/null
+++ b/net-ftp/pure-ftpd/files/pure-ftpd-1.0.49-pure_strcmp_OOB_read.patch
@@ -0,0 +1,27 @@
+From 36c6d268cb190282a2c17106acfd31863121b58e Mon Sep 17 00:00:00 2001
+From: Frank Denis <github@pureftpd.org>
+Date: Mon, 24 Feb 2020 15:19:43 +0100
+Subject: [PATCH] pure_strcmp(): len(s2) can be > len(s1)
+
+Reported by Antonio Morales from GitHub Security Labs, thanks!
+---
+ src/utils.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/src/utils.c b/src/utils.c
+index f41492d..a7f0381 100644
+--- a/src/utils.c
++++ b/src/utils.c
+@@ -45,5 +45,11 @@ int pure_memcmp(const void * const b1_, const void * const b2_, size_t len)
+ 
+ int pure_strcmp(const char * const s1, const char * const s2)
+ {
+-    return pure_memcmp(s1, s2, strlen(s1) + 1U);
++    const size_t s1_len = strlen(s1);
++    const size_t s2_len = strlen(s2);
++
++    if (s1_len != s2_len) {
++        return -1;
++    }
++    return pure_memcmp(s1, s2, s1_len);
+ }
-- 
cgit v1.2.3-65-gdbad