git Service of IN-Ulm e.V. Explore Help
Sign In
cbiedl
/
file
1
0
Fork 0
Files Pull Requests 0 Wiki
Tree: 9f4445eb2e
Branches Tags
file
/
debian
/
patches
/
CVE-2014-3487.patch

CVE-2014-3487.patch 1016 B
History Raw

1234567891011121314151617181920212223242526272829 
  1. Subject: The cdf_read_property_info function does not properly validate a stream offset
    2. 

  2. ID: CVE-2014-3487
    3. 

  3. Author: Christos Zoulas <christos@zoulas.com>
    4. 

  4. Date: Mon Jun 9 13:04:37 2014 +0000
    5. 

  5. Origin:
    6. 

  6.     commit 93e063ee374b6a75729df9e7201fb511e47e259d
    7. 

  7. Debian-Author: Holger Levsen <holger@debian.org>
    8. 

  8. Comment:
    9. 

  9.  made apply cleanly based on [origin]
    10. 

  10. Reviewed-By: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
    11. 

  11. Last-Update: 2014-09-07
    12. 

  12. 

  13.     Add missing check offset test (Francisco Alonso, Jan Kaluza at RedHat)
    14. 

  14. 

  15. --- a/src/cdf.c
    16. 

  16. +++ b/src/cdf.c
    17. 

  17. @@ -802,7 +802,11 @@
    18. 

  18.  	if (cdf_check_stream_offset(sst, h, e, 0, __LINE__) == -1)
    19. 

  19.  		goto out;
    20. 

  20.  	for (i = 0; i < sh.sh_properties; i++) {
    21. 

  21. -		size_t ofs = CDF_GETUINT32(p, (i << 1) + 1);
    22. 

  22. +		size_t tail = (i << 1) + 1;
    23. 

  23. +		if (cdf_check_stream_offset(sst, h, p, tail * sizeof(uint32_t),
    24. 

  24. +		    __LINE__) == -1)
    25. 

  25. +			goto out;
    26. 

  26. +		size_t ofs = CDF_GETUINT32(p, tail);
    27. 

  27.  		q = (const uint8_t *)(const void *)
    28. 

  28.  		    ((const char *)(const void *)p + ofs
    29. 

  29.  		    - 2 * sizeof(uint32_t));
    30.