46 lines
1.4 KiB
Diff
46 lines
1.4 KiB
Diff
From 282feeae8df77bae287284f74e9f9c54d21e6d8d Mon Sep 17 00:00:00 2001
|
|
From: Nils Philippsen <nils@redhat.com>
|
|
Date: Mon, 23 May 2011 15:52:48 +0200
|
|
Subject: [PATCH] patch: psp-overflow
|
|
|
|
Squashed commit of the following:
|
|
|
|
commit c5b7e71d89c60a329d4db05f8ddb4610eab013d6
|
|
Author: Nils Philippsen <nils@redhat.com>
|
|
Date: Fri May 13 17:08:02 2011 +0200
|
|
|
|
file-psp: fix overflow protection (CVE-2011-1782)
|
|
|
|
amends commit 48ec15890e1751dede061f6d1f469b6508c13439, related to
|
|
CVE-2010-4543
|
|
(cherry picked from commit f657361db04de69ce003328724c59e3f942d7d15)
|
|
|
|
commit ab592eb5015f81defdd1e74cd5bcc7edfcd7ebf7
|
|
Author: Simon Budig <simon@budig.de>
|
|
Date: Mon Feb 14 21:46:31 2011 +0100
|
|
|
|
file-psp: fix for bogus input data. Fixes bug #639203
|
|
(cherry picked from commit 48ec15890e1751dede061f6d1f469b6508c13439)
|
|
---
|
|
plug-ins/common/file-psp.c | 4 ++++
|
|
1 files changed, 4 insertions(+), 0 deletions(-)
|
|
|
|
diff --git a/plug-ins/common/file-psp.c b/plug-ins/common/file-psp.c
|
|
index db12770..4931c87 100644
|
|
--- a/plug-ins/common/file-psp.c
|
|
+++ b/plug-ins/common/file-psp.c
|
|
@@ -1244,6 +1244,10 @@ read_channel_data (FILE *f,
|
|
}
|
|
else
|
|
fread (buf, runcount, 1, f);
|
|
+
|
|
+ /* prevent buffer overflow for bogus data */
|
|
+ runcount = MIN (runcount, (endq - q) / bytespp);
|
|
+
|
|
if (bytespp == 1)
|
|
{
|
|
memmove (q, buf, runcount);
|
|
--
|
|
1.7.5.1
|
|
|