72 lines
1.7 KiB
Diff
72 lines
1.7 KiB
Diff
Fix CVE-2018-10756:
|
|
|
|
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10756
|
|
|
|
Patch copied from Fedora:
|
|
|
|
https://src.fedoraproject.org/rpms/transmission/blob/master/f/2123adf8e5e1c2b48791f9d22fc8c747e974180e.patch
|
|
|
|
--- a/libtransmission/variant.c 2018-05-01 12:21:08.000000000 -0500
|
|
+++ b/libtransmission/variant.c 2020-05-18 10:21:27.554214128 -0500
|
|
@@ -820,7 +820,7 @@
|
|
struct SaveNode
|
|
{
|
|
const tr_variant * v;
|
|
- tr_variant sorted;
|
|
+ tr_variant* sorted;
|
|
size_t childIndex;
|
|
bool isVisited;
|
|
};
|
|
@@ -849,26 +849,33 @@
|
|
|
|
qsort (tmp, n, sizeof (struct KeyIndex), compareKeyIndex);
|
|
|
|
- tr_variantInitDict (&node->sorted, n);
|
|
+ node->sorted = tr_new(tr_variant, 1);
|
|
+ tr_variantInitDict (node->sorted, n);
|
|
for (i=0; i<n; ++i)
|
|
- node->sorted.val.l.vals[i] = *tmp[i].val;
|
|
+ node->sorted->val.l.vals[i] = *tmp[i].val;
|
|
node->sorted.val.l.count = n;
|
|
|
|
tr_free (tmp);
|
|
|
|
- node->v = &node->sorted;
|
|
+ v = node->sorted;
|
|
}
|
|
else
|
|
{
|
|
- node->v = v;
|
|
+ node->sorted = NULL;
|
|
}
|
|
+
|
|
+ node->v = v;
|
|
}
|
|
|
|
static void
|
|
nodeDestruct (struct SaveNode * node)
|
|
{
|
|
- if (node->v == &node->sorted)
|
|
- tr_free (node->sorted.val.l.vals);
|
|
+ //TR_ASSERT(node != NULL);
|
|
+ if (node->sorted != NULL)
|
|
+ {
|
|
+ tr_free(node->sorted->val.l.vals);
|
|
+ tr_free(node->sorted);
|
|
+ }
|
|
}
|
|
|
|
/**
|
|
--- a/libtransmission/variant.c 2020-05-18 10:21:49.000000000 -0500
|
|
+++ b/libtransmission/variant.c 2020-05-18 10:24:34.673648865 -0500
|
|
@@ -853,7 +853,7 @@
|
|
tr_variantInitDict (node->sorted, n);
|
|
for (i=0; i<n; ++i)
|
|
node->sorted->val.l.vals[i] = *tmp[i].val;
|
|
- node->sorted.val.l.count = n;
|
|
+ node->sorted->val.l.count = n;
|
|
|
|
tr_free (tmp);
|
|
|
|
|