git Service des IN-Ulm e.V. Erkunden Hilfe
Anmelden
cbiedl
/
file
1
0
Fork 0
Dateien Pull-Requests 0 Wiki
Struktur: 100a062b42
Branches Tags
file
/
debian
/
patches
/
CVE-2014-3480.patch

CVE-2014-3480.patch 1.0 KB
Verlauf Originalformat

12345678910111213141516171819202122232425262728293031323334 
  1. made apply cleanly based on
    2. 

  2. 

  3. commit 40bade80cbe2af1d0b2cd0420cebd5d5905a2382
    4. 

  4. Author: Christos Zoulas <christos@zoulas.com>
    5. 

  5. Date:   Wed Jun 4 17:23:19 2014 +0000
    6. 

  6. 

  7.     Fix incorrect bounds check for sector count. (Francisco Alonso and Jan Kaluza
    8. 

  8.     at RedHat)
    9. 

  9. 

  10. diff --git a/src/cdf.c b/src/cdf.c
    11. 

  11. index 375406c..6652581 100644
    12. 

  12. --- a/src/cdf.c
    13. 

  13. +++ b/src/cdf.c
    14. 

  14. @@ -460,7 +460,8 @@ size_t
    15. 

  15.  cdf_count_chain(const cdf_sat_t *sat, cdf_secid_t sid, size_t size)
    16. 

  16.  {
    17. 

  17.  	size_t i, j;
    18. 

  18. -	cdf_secid_t maxsector = (cdf_secid_t)(sat->sat_len * size);
    19. 

  19. +	cdf_secid_t maxsector = (cdf_secid_t)((sat->sat_len * size)
    20. 

  20. +	    / sizeof(maxsector));
    21. 

  21.  
    22. 

  22.  	DPRINTF(("Chain:"));
    23. 

  23.  	for (j = i = 0; sid >= 0; i++, j++) {
    24. 

  24. @@ -470,8 +470,8 @@ cdf_count_chain(const cdf_sat_t *sat, cdf_secid_t sid, size_t size)
    25. 

  25.  			errno = EFTYPE;
    26. 

  26.  			return (size_t)-1;
    27. 

  27.  		}
    28. 

  28. -		if (sid > maxsector) {
    29. 

  29. -			DPRINTF(("Sector %d > %d\n", sid, maxsector));
    30. 

  30. +		if (sid >= maxsector) {
    31. 

  31. +			DPRINTF(("Sector %d >= %d\n", sid, maxsector));
    32. 

  32.  			errno = EFTYPE;
    33. 

  33.  			return (size_t)-1;
    34. 

  34.  		}
    35.