rdieter pushed to openslp (el5). "awol patch"
notifications at fedoraproject.org
notifications at fedoraproject.org
Mon May 11 13:29:47 UTC 2015
From 7d4ecf94f98d0e7fc0d06742210fff014887f19b Mon Sep 17 00:00:00 2001
From: Rex Dieter <rdieter at math.unl.edu>
Date: Mon, 11 May 2015 08:29:19 -0500
Subject: awol patch
diff --git a/openslp-1.2.1-CVE-2012-4428.patch b/openslp-1.2.1-CVE-2012-4428.patch
new file mode 100644
index 0000000..8ec1823
--- /dev/null
+++ b/openslp-1.2.1-CVE-2012-4428.patch
@@ -0,0 +1,70 @@
+Description: Fix out-of-bounds buffer access (CVE-2012-4428)
+ Fix handling of string-list in common/slp_common.c by not increasing
+ the item pointer past the string-list pointer, and letting '\\' only
+ escape the item separator ','.
+Author: Guillem Jover <guillem at debian.org>
+Origin: vendor
+Bug: http://sourceforge.net/p/openslp/bugs/122/
+Bug-Debian: https://bugs.debian.org/687597
+Last-Update: 2014-07-25
+
+---
+ common/slp_compare.c | 33 ++++++++++++---------------------
+ 1 file changed, 12 insertions(+), 21 deletions(-)
+
+--- a/common/slp_compare.c
++++ b/common/slp_compare.c
+@@ -272,13 +272,10 @@ int SLPContainsStringList(int listlen,
+ /* seek to the end of the next list item */
+ while(1)
+ {
+- if(itemend == listend || *itemend == ',')
+- {
+- if(*(itemend - 1) != '\\')
+- {
+- break;
+- }
+- }
++ if(itemend == listend)
++ break;
++ if(*itemend == ',' && *(itemend - 1) != '\\')
++ break;
+
+ itemend ++;
+ }
+@@ -328,13 +325,10 @@ int SLPIntersectStringList(int list1len,
+ /* seek to the end of the next list item */
+ while(1)
+ {
+- if(itemend == listend || *itemend == ',')
+- {
+- if(*(itemend - 1) != '\\')
+- {
+- break;
+- }
+- }
++ if(itemend == listend)
++ break;
++ if(*itemend == ',' && *(itemend - 1) != '\\')
++ break;
+
+ itemend ++;
+ }
+@@ -417,13 +411,10 @@ int SLPUnionStringList(int list1len,
+ /* seek to the end of the next list item */
+ while(1)
+ {
+- if(itemend == listend || *itemend == ',')
+- {
+- if(*(itemend - 1) != '\\')
+- {
+- break;
+- }
+- }
++ if(itemend == listend)
++ break;
++ if(*itemend == ',' && *(itemend - 1) != '\\')
++ break;
+
+ itemend ++;
+ }
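Review bot: The new separator test `*itemend == ',' && *(itemend - 1) != '\\'` still reads the byte before `itemend` without first checking that `itemend` is past the start of the list buffer, so a list whose first byte is ',' would be read one byte before the buffer. The same lines appear in the SLPIntersectStringList and SLPUnionStringList hunks. The loop setup lies outside the hunks, so this assumes `itemend` can equal the buffer start on entry; if it can, compare `itemend` against the start of the list before dereferencing `itemend - 1`. The one-character look-behind also treats the comma in `\\,` (an escaped backslash followed by a separator) as escaped, which may be intended but deserves a comment above the loop such as `/* a ',' preceded by '\\' belongs to the item, it is not a separator */`. Separately, the Description header names common/slp_common.c while the patch modifies common/slp_compare.c.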
--
cgit v0.10.2
http://pkgs.fedoraproject.org/cgit/openslp.git/commit/?h=el5&id=7d4ecf94f98d0e7fc0d06742210fff014887f19b