| From e9e81b8063b095b02cf104bb992fa9bf9515b9d8 Mon Sep 17 00:00:00 2001 |
| From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de> |
| Date: Fri, 1 Sep 2017 10:04:48 +0200 |
| Subject: [PATCH] lib/punycode.c (decode_digit): Fix integer overflow |
| |
| This fix is a backport from libidn2 and addresses |
| CVE-2017-14062. |
| |
| Signed-off-by: Baruch Siach <baruch@tkos.co.il> |
| --- |
| Upstream status: commit e9e81b8063b095 |
| |
| lib/punycode.c | 6 +++--- |
| 1 file changed, 3 insertions(+), 3 deletions(-) |
| |
| diff --git a/lib/punycode.c b/lib/punycode.c |
| index 86819a7deb85..49250a13e2cc 100644 |
| --- a/lib/punycode.c |
| +++ b/lib/punycode.c |
| @@ -88,10 +88,10 @@ enum |
| /* point (for use in representing integers) in the range 0 to */ |
| /* base-1, or base if cp does not represent a value. */ |
| |
| -static punycode_uint |
| -decode_digit (punycode_uint cp) |
| +static unsigned |
| +decode_digit (int cp) |
| { |
| - return cp - 48 < 10 ? cp - 22 : cp - 65 < 26 ? cp - 65 : |
| + return (unsigned) cp - 48 < 10 ? cp - 22 : cp - 65 < 26 ? cp - 65 : |
| cp - 97 < 26 ? cp - 97 : base; |
| } |
| |
| -- |
| 2.14.1 |
| |