Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 3 Jul 2019 00:00:39 +0000 (UTC)
From:      Gordon Tetlow <gordon@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org
Subject:   svn commit: r349621 - in releng: 11.2/lib/libc/iconv 11.3/lib/libc/iconv 12.0/lib/libc/iconv
Message-ID:  <201907030000.x6300dUD045930@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: gordon
Date: Wed Jul  3 00:00:39 2019
New Revision: 349621
URL: https://svnweb.freebsd.org/changeset/base/349621

Log:
  Fix iconv buffer overflow.
  
  Approved by:	so
  Approved by:	re (implicit)
  Security:	FreeBSD-SA-19:09.iconv

Modified:
  releng/11.2/lib/libc/iconv/citrus_none.c
  releng/11.3/lib/libc/iconv/citrus_none.c
  releng/12.0/lib/libc/iconv/citrus_none.c

Modified: releng/11.2/lib/libc/iconv/citrus_none.c
==============================================================================
--- releng/11.2/lib/libc/iconv/citrus_none.c	Tue Jul  2 23:59:45 2019	(r349620)
+++ releng/11.2/lib/libc/iconv/citrus_none.c	Wed Jul  3 00:00:39 2019	(r349621)
@@ -142,7 +142,7 @@ _citrus_NONE_stdenc_cstomb(struct _citrus_stdenc * __r
 		s[2] = (char)(idx >> 16);
 		*nresult = 3;
 	} else {
-		if (n < 3) {
+		if (n < 4) {
 			*nresult = (size_t)-1;
 			return (E2BIG);
 		}

Modified: releng/11.3/lib/libc/iconv/citrus_none.c
==============================================================================
--- releng/11.3/lib/libc/iconv/citrus_none.c	Tue Jul  2 23:59:45 2019	(r349620)
+++ releng/11.3/lib/libc/iconv/citrus_none.c	Wed Jul  3 00:00:39 2019	(r349621)
@@ -142,7 +142,7 @@ _citrus_NONE_stdenc_cstomb(struct _citrus_stdenc * __r
 		s[2] = (char)(idx >> 16);
 		*nresult = 3;
 	} else {
-		if (n < 3) {
+		if (n < 4) {
 			*nresult = (size_t)-1;
 			return (E2BIG);
 		}

Modified: releng/12.0/lib/libc/iconv/citrus_none.c
==============================================================================
--- releng/12.0/lib/libc/iconv/citrus_none.c	Tue Jul  2 23:59:45 2019	(r349620)
+++ releng/12.0/lib/libc/iconv/citrus_none.c	Wed Jul  3 00:00:39 2019	(r349621)
@@ -144,7 +144,7 @@ _citrus_NONE_stdenc_cstomb(struct _citrus_stdenc * __r
 		s[2] = (char)(idx >> 16);
 		*nresult = 3;
 	} else {
-		if (n < 3) {
+		if (n < 4) {
 			*nresult = (size_t)-1;
 			return (E2BIG);
 		}

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201907030000.x6300dUD045930>