Fix CVE-2018-20431: https://gnunet.org/bugs/view.php?id=5494 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20431 https://security-tracker.debian.org/tracker/CVE-2018-20431 Patch copied from upstream source repository: https://gnunet.org/git/libextractor.git/commit/?id=489c4a540bb2c4744471441425b8932b97a153e7 To apply the patch to libextractor 1.8 release tarball, hunk #1 which patches ChangeLog is removed. From 489c4a540bb2c4744471441425b8932b97a153e7 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Thu, 20 Dec 2018 23:02:28 +0100 Subject: [PATCH] fix #5494 --- ChangeLog | 3 ++- src/plugins/ole2_extractor.c | 9 +++++++-- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/src/plugins/ole2_extractor.c b/src/plugins/ole2_extractor.c index 53fa1b9..a48b726 100644 --- a/src/plugins/ole2_extractor.c +++ b/src/plugins/ole2_extractor.c @@ -173,7 +173,7 @@ struct ProcContext EXTRACTOR_MetaDataProcessor proc; /** - * Closure for 'proc'. + * Closure for @e proc. */ void *proc_cls; @@ -213,7 +213,12 @@ process_metadata (gpointer key, if (G_VALUE_TYPE(gval) == G_TYPE_STRING) { - contents = strdup (g_value_get_string (gval)); + const char *gvals; + + gvals = g_value_get_string (gval); + if (NULL == gvals) + return; + contents = strdup (gvals); } else { -- 2.20.1