3fb1c40 Ticket 49471 - heap-buffer-overflow in ss_unescape

2 files Authored by tbordaz 2 years ago , Committed by mreynolds 2 years ago ,
    Ticket 49471 - heap-buffer-overflow in ss_unescape
    
    Bug Description:
    	Two problems here
    		- when searching for wildcard and escape char, ss_unescape assumes the string
    		  is at least 3 chars longs. So memcmp can overflow a shorter string
    		- while splitting a string into substring pattern, it loops over
    		  wildcard and can overpass the string end
    
    Fix Description:
    	For the first problem, it checks the string size is long enough to memcmp
            a wildcard or an escape
    	For the second it exits from the loop  as soon as the end of the string is reached
    
    https://pagure.io/389-ds-base/issue/49471
    
    Reviewed by: William Brown
    
    Platforms tested: F23
    
    Flag Day: no
    
    Doc impact: no
    
    (cherry picked from commit 5991388ce75fba8885579b769711d57acfd43cd3)