git Service of IN-Ulm e.V. Explore Help
Sign In
cbiedl
/
file
1
0
Fork 0
Files Pull Requests 0 Wiki
Tree: b9b0055e03
Branches Tags
file
/
debian
/
patches
/
cherry-pick.FILE5_19-18-g0641e56.CVE-2014-3587.patch

cherry-pick.FILE5_19-18-g0641e56.CVE-2014-3587.patch 784 B
History Raw

123456789101112131415161718192021222324 
  1. Subject: Integer overflow in the cdf_read_property_info function allows remote attackers to cause a denial of service
    2. 

  2. ID: CVE-2014-3587
    3. 

  3. Author: Christos Zoulas <christos@zoulas.com>
    4. 

  4. Date: Thu Aug 7 09:38:35 2014 +0000
    5. 

  5. Origin:
    6. 

  6. commit 0641e56be1af003aa02c7c6b0184466540637233
    7. 

  7. Debian-Author: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
    8. 

  8. Last-Update: 2014-09-07
    9. 

  9. 

  10.     Prevent wrap around (Remi Collet at redhat)
    11. 

  11. 

  12. --- a/src/cdf.c
    13. 

  13. +++ b/src/cdf.c
    14. 

  14. @@ -824,6 +824,10 @@ cdf_read_property_info(const cdf_stream_
    15. 

  15.  		q = (const uint8_t *)(const void *)
    16. 

  16.  		    ((const char *)(const void *)p + ofs
    17. 

  17.  		    - 2 * sizeof(uint32_t));
    18. 

  18. +		if (q < p) {
    19. 

  19. +			DPRINTF(("Wrapped around %p < %p\n", q, p));
    20. 

  20. +			goto out;
    21. 

  21. +		}
    22. 

  22.  		if (q > e) {
    23. 

  23.  			DPRINTF(("Ran of the end %p > %p\n", q, e));
    24. 

  24.  			goto out;
    25.