|
| 1 | +From 29d59278577f9a4dcf547cedd383d8af6dafca87 Mon Sep 17 00:00:00 2001 |
| 2 | +From: Sreenivasulu Malavathula <v-smalavathu@microsoft.com> |
| 3 | +Date: Wed, 14 May 2025 18:59:49 -0500 |
| 4 | +Subject: [PATCH] Address CVE-2023-33461 |
| 5 | +Upstream Patch Reference: https://src.fedoraproject.org/rpms/iniparser/blob/f38/f/iniparser-4.1-CVE-2023-33461.patch |
| 6 | + |
| 7 | +--- |
| 8 | + src/iniparser.c | 6 +++--- |
| 9 | + 1 file changed, 3 insertions(+), 3 deletions(-) |
| 10 | + |
| 11 | +diff --git a/src/iniparser.c b/src/iniparser.c |
| 12 | +index 62febeb..11ec902 100644 |
| 13 | +--- a/src/iniparser.c |
| 14 | ++++ b/src/iniparser.c |
| 15 | +@@ -457,7 +457,7 @@ long int iniparser_getlongint(const dictionary * d, const char * key, long int n |
| 16 | + const char * str ; |
| 17 | + |
| 18 | + str = iniparser_getstring(d, key, INI_INVALID_KEY); |
| 19 | +- if (str==INI_INVALID_KEY) return notfound ; |
| 20 | ++ if (str==NULL || str==INI_INVALID_KEY) return notfound ; |
| 21 | + return strtol(str, NULL, 0); |
| 22 | + } |
| 23 | + |
| 24 | +@@ -512,7 +512,7 @@ double iniparser_getdouble(const dictionary * d, const char * key, double notfou |
| 25 | + const char * str ; |
| 26 | + |
| 27 | + str = iniparser_getstring(d, key, INI_INVALID_KEY); |
| 28 | +- if (str==INI_INVALID_KEY) return notfound ; |
| 29 | ++ if (str==NULL || str==INI_INVALID_KEY) return notfound ; |
| 30 | + return atof(str); |
| 31 | + } |
| 32 | + |
| 33 | +@@ -554,7 +554,7 @@ int iniparser_getboolean(const dictionary * d, const char * key, int notfound) |
| 34 | + const char * c ; |
| 35 | + |
| 36 | + c = iniparser_getstring(d, key, INI_INVALID_KEY); |
| 37 | +- if (c==INI_INVALID_KEY) return notfound ; |
| 38 | ++ if (c==NULL || c==INI_INVALID_KEY) return notfound ; |
| 39 | + if (c[0]=='y' || c[0]=='Y' || c[0]=='1' || c[0]=='t' || c[0]=='T') { |
| 40 | + ret = 1 ; |
| 41 | + } else if (c[0]=='n' || c[0]=='N' || c[0]=='0' || c[0]=='f' || c[0]=='F') { |
| 42 | +-- |
| 43 | +2.45.2 |
| 44 | + |
0 commit comments