Fix out-of-bounds read in c_substitute(): http://seclists.org/oss-sec/2016/q4/612 Patch copied from upstream source repository: https://github.com/tcsh-org/tcsh/commit/6a542dc4fb2ba26518a47e9b3a9bcd6a91b94596 From 6a542dc4fb2ba26518a47e9b3a9bcd6a91b94596 Mon Sep 17 00:00:00 2001 From: christos Date: Fri, 2 Dec 2016 16:59:28 +0000 Subject: [PATCH] Fix out of bounds read (Brooks Davis) (reproduce by starting tcsh and hitting tab at the prompt) --- ed.chared.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ed.chared.c b/ed.chared.c index 1277e53..310393e 100644 --- ed.chared.c +++ ed.chared.c @@ -750,7 +750,7 @@ c_substitute(void) /* * If we found a history character, go expand it. */ - if (HIST != '\0' && *p == HIST) + if (p >= InputBuf && HIST != '\0' && *p == HIST) nr_exp = c_excl(p); else nr_exp = 0; s='sub'>Wojtek's customized Guix
aboutsummaryrefslogtreecommitdiff
path: root/tests/cve.scm
AgeCommit message (Expand)Author
2019-10-23cve: Rewrite to read the JSON feed instead of the XML feed....The XML feed was discontinued on Oct. 16th, 2019: <https://nvd.nist.gov/General/News/XML-Vulnerability-Feed-Retirement-Phase-3> * guix/cve.scm (string->date*): New procedure. (<cve-item>, <cve>, <cve-reference>): New record types. (cpe-match->cve-configuration, configuration-data->cve-configurations) (json->cve-items, version-matches?): New procedures. (yearly-feed-uri): Change URL to refer to JSON feed. (cpe->product-alist, %parse-vulnerability-feed) (xml->vulnerabilities): Remove. (cve-configuration->package-list, merge-package-lists) (cve-item->vulnerability, json->vulnerabilities): New procedures. (write-cache): Use 'json->vulnerabilities' instead of 'xml->vulnerabilities', and remove 'parameterize'. (vulnerabilities->lookup-proc): Use 'version-matches?' when VERSION is true. * tests/cve.scm (%sample): Use 'tests/cve-sample.json'. (%expected-vulnerabilities): Rewrite accordingly. ("json->cve-items", "cve-item-published-date") ("json->vulnerabilities"): New tests. ("xml->vulnerabilities"): Remove. ("vulnerabilities->lookup-proc"): Adjust to new vulnerabilities. * tests/cve-sample.json: New file. * tests/cve-sample.xml: Remove. * Makefile.am (EXTRA_DIST): Adjust accordingly. * doc/guix.texi (Invoking guix lint): Update nist.gov URLs. Ludovic Courtès
2019-10-20tests: Avoid now-deprecated 'make-struct'....* tests/cve.scm (vulnerability): Use 'make-struct/no-tail' instead of 'make-struct', which is deprecated. * tests/lint.scm ("cve: one vulnerability") ("cve: one patched vulnerability") ("cve: known safe from vulnerability") ("cve: vulnerability fixed in replacement version") ("cve: patched vulnerability in replacement"): Likewise. Ludovic Courtès