From: Markus Koschany <apo@debian.org> Date: Thu, 2 Nov 2017 15:54:51 +0100 Subject: CVE-2017-15955 Bug-Debian: https://bugs.debian.org/880116 Origin: https://github.com/rydnr/nixpkgs/blob/5643fd19cf46ae516c69b625cd09f5a6a8774b6f/pkgs/tools/cd-dvd/bchunk/CVE-2017-15955.patch --- bchunk.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/bchunk.c b/bchunk.c index 733cfd1..60d3000 100644 --- a/bchunk.c +++ b/bchunk.c @@ -426,12 +426,12 @@ int main(int argc, char **argv) printf("\nTrack "); if (!(p = strchr(p, ' '))) { fprintf(stderr, "... ouch, no space after TRACK.\n"); - continue; + exit(3); } p++; if (!(t = strchr(p, ' '))) { fprintf(stderr, "... ouch, no space after track number.\n"); - continue; + exit(3); } *t = '\0'; @@ -460,12 +460,12 @@ int main(int argc, char **argv) } else if ((p = strstr(s, "INDEX"))) { if (!(p = strchr(p, ' '))) { printf("... ouch, no space after INDEX.\n"); - continue; + exit(3); } p++; if (!(t = strchr(p, ' '))) { printf("... ouch, no space after index number.\n"); - continue; + exit(3); } *t = '\0'; t++;