utils/lrzsz/patches/002-may-be-security-fix-avoid-possible-underflow.patch

   1 From a7c525191aa725f4ebb7b489cdd7dd854a4e42fb Mon Sep 17 00:00:00 2001
   2 From: Uwe Ohse <uwe@ohse.de>
   3 Date: Sun, 1 Mar 2020 22:35:28 +0000
   4 Subject: [PATCH] may-be-security-fix: avoid possible underflow
   5
   6 Fixes: CVE-2018-10195
   7
   8 [a.heider: mention CVE in commit message]
   9 ---
  10  src/zm.c | 5 +++--
  11  1 file changed, 3 insertions(+), 2 deletions(-)
  12
  13 --- a/src/zm.c
  14 +++ b/src/zm.c
  15 @@ -432,10 +432,11 @@ zsdata(const char *buf, size_t length, i
  16         VPRINTF(3,("zsdata: %lu %s", (unsigned long) length,
  17                 Zendnames[(frameend-ZCRCE)&3]));
  18         crc = 0;
  19 -       do {
  20 +       while (length>0) {
  21                 zsendline(*buf); crc = updcrc((0377 & *buf), crc);
  22                 buf++;
  23 -       } while (--length>0);
  24 +               length--;
  25 +       }
  26         xsendline(ZDLE); xsendline(frameend);
  27         crc = updcrc(frameend, crc);
  28