Commit ec22cc39 authored by Lennart Poettering, committed by Zbigniew Jędrzejewski-Szmek

core: when deserializing state always use read_line(…, LONG_LINE_MAX, …)

This should be much better than fgets(), as we can read substantially
longer lines and overly long lines result in proper errors.

Fixes a vulnerability discovered by Jann Horn at Google.

CVE-2018-15686
LP: #1796402
https://bugzilla.redhat.com/show_bug.cgi?id=1639071

(cherry picked from commit 8948b341)
(cherry picked from commit 1a05ff49)
parent c8752dcc
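
The difference the commit message describes, as an added example that is not systemd's code: a fixed-buffer `fgets()` loop silently hands back an overlong line as several "lines", while a bounded reader reports it as an error. `read_line_bounded`, `LINE_LIMIT`, `count_lines` and the sample input are hypothetical and constructed for illustration; the value of `LONG_LINE_MAX` is not given on this page.

```c
#include <stdio.h>

#define LINE_LIMIT 16  /* constructed, tiny limit so the effect is visible */
enum { RL_EOF = 0, RL_LINE = 1, RL_TOO_LONG = -1 };

/* Constructed sample: three logical lines, the middle one is 45 bytes long. */
static const char SAMPLE[] =
    "a=1\n"
    "long=0123456789012345678901234567890123456789\n"
    "b=2\n";

/* Hypothetical bounded reader: an overlong line is an error, never a fragment. */
static int read_line_bounded(FILE *f, char *out, size_t limit) {
    size_t n = 0;
    int c;
    while ((c = fgetc(f)) != EOF && c != '\n') {
        if (n >= limit)
            return RL_TOO_LONG;
        out[n++] = (char) c;
    }
    out[n] = '\0';
    return (c == EOF && n == 0) ? RL_EOF : RL_LINE;
}

/* Lines reported for `data`: by a fixed-buffer fgets() loop (bounded == 0) or by
 * the bounded reader (bounded != 0), which yields RL_TOO_LONG on an overlong line. */
int count_lines(const char *data, int bounded) {
    char buf[LINE_LIMIT + 2];  /* limit + '\n' + NUL */
    int n = 0, r = RL_EOF;
    FILE *f = tmpfile();
    if (!f) return -2;
    fputs(data, f);
    rewind(f);
    if (bounded) {
        while ((r = read_line_bounded(f, buf, LINE_LIMIT)) == RL_LINE) n++;
    } else {
        while (fgets(buf, sizeof buf, f)) n++;  /* fragments look like lines */
    }
    fclose(f);
    return r == RL_TOO_LONG ? RL_TOO_LONG : n;
}

int main(void) {
    printf("fgets loop: %d lines, bounded reader: %d\n",
           count_lines(SAMPLE, 0), count_lines(SAMPLE, 1));
    return 0;
}
```

A caller of the `fgets()` loop cannot tell the second and third fragments of the long line from genuine lines unless it checks each result for a trailing newline, which is why the error return matters for a deserializer.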