diff options
Diffstat (limited to 'user/samurai/CVE-2021-30218.patch')
| -rw-r--r-- | user/samurai/CVE-2021-30218.patch | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/user/samurai/CVE-2021-30218.patch b/user/samurai/CVE-2021-30218.patch new file mode 100644 index 000000000..1d6663865 --- /dev/null +++ b/user/samurai/CVE-2021-30218.patch @@ -0,0 +1,29 @@ +From e84b6d99c85043fa1ba54851ee500540ec206918 Mon Sep 17 00:00:00 2001 +From: Michael Forney <mforney@mforney.org> +Date: Fri, 2 Apr 2021 17:27:48 -0700 +Subject: [PATCH] util: Check for NULL string in writefile + +This check was there previously, but was removed in f549b757 with +the addition of a check during parse that every rule has rspfile +if and only if it has rspfile_content. However, this fails to +consider the possibility of those variables coming from the edge +or global environment. So, re-add the check. + +Fixes #67. +--- + util.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/util.c b/util.c +index ea5c3ce..2a59881 100644 +--- a/util.c ++++ b/util.c +@@ -258,7 +258,7 @@ writefile(const char *name, struct string *s) + return -1; + } + ret = 0; +- if (fwrite(s->s, 1, s->n, f) != s->n || fflush(f) != 0) { ++ if (s && (fwrite(s->s, 1, s->n, f) != s->n || fflush(f) != 0)) { + warn("write %s:", name); + ret = -1; + } |