rdieter pushed to openslp (f20). "awol patch"

notifications at fedoraproject.org notifications at fedoraproject.org
Mon May 11 13:29:31 UTC 2015 

From 7d4ecf94f98d0e7fc0d06742210fff014887f19b Mon Sep 17 00:00:00 2001
From: Rex Dieter <rdieter at math.unl.edu>
Date: Mon, 11 May 2015 08:29:19 -0500
Subject: awol patch


diff --git a/openslp-1.2.1-CVE-2012-4428.patch b/openslp-1.2.1-CVE-2012-4428.patch
new file mode 100644
index 0000000..8ec1823
--- /dev/null
+++ b/openslp-1.2.1-CVE-2012-4428.patch
@@ -0,0 +1,70 @@
+Description: Fix out-of-bounds buffer access (CVE-2012-4428)
+ Fix handling of string-list in common/slp_common.c by not increasing
+ the item pointer past the string-list pointer, and letting '\\' only
+ escape the item separator ','.
+Author: Guillem Jover <guillem at debian.org>
+Origin: vendor
+Bug: http://sourceforge.net/p/openslp/bugs/122/
+Bug-Debian: https://bugs.debian.org/687597
+Last-Update: 2014-07-25
+
+---
+ common/slp_compare.c |   33 ++++++++++++---------------------
+ 1 file changed, 12 insertions(+), 21 deletions(-)
+
+--- a/common/slp_compare.c
++++ b/common/slp_compare.c
+@@ -272,13 +272,10 @@ int SLPContainsStringList(int listlen,
+         /* seek to the end of the next list item */
+         while(1)
+         {
+-            if(itemend == listend || *itemend == ',')
+-            {
+-                if(*(itemend - 1) != '\\')
+-                {
+-                    break;
+-                }
+-            }
++            if(itemend == listend)
++                break;
++            if(*itemend == ',' && *(itemend - 1) != '\\')
++                break;
+ 
+             itemend ++;
+         }
+@@ -328,13 +325,10 @@ int SLPIntersectStringList(int list1len,
+         /* seek to the end of the next list item */
+         while(1)
+         {
+-            if(itemend == listend || *itemend == ',')
+-            {
+-                if(*(itemend - 1) != '\\')
+-                {
+-                    break;
+-                }
+-            }
++            if(itemend == listend)
++                break;
++            if(*itemend == ',' && *(itemend - 1) != '\\')
++                break;
+ 
+             itemend ++;
+         }
+@@ -417,13 +411,10 @@ int SLPUnionStringList(int list1len,
+         /* seek to the end of the next list item */
+         while(1)
+         {
+-            if(itemend == listend || *itemend == ',')
+-            {
+-                if(*(itemend - 1) != '\\')
+-                {
+-                    break;
+-                }
+-            }
++            if(itemend == listend)
++                break;
++            if(*itemend == ',' && *(itemend - 1) != '\\')
++                break;
+ 
+             itemend ++;
+         }
-- 
cgit v0.10.2


	http://pkgs.fedoraproject.org/cgit/openslp.git/commit/?h=f20&id=7d4ecf94f98d0e7fc0d06742210fff014887f19b

More information about the scm-commits mailing list