git Service of IN-Ulm e.V. Explore Help
Sign In
cbiedl
/
file
1
0
Fork 0
Files Pull Requests 0 Wiki
Tree: squeeze/5.
Branches Tags
file
/
debian
/
patches
/
CVE-2014-3487.patch

CVE-2014-3487.patch 884 B
Permalink History Raw

12345678910111213141516171819202122232425 
  1. made apply cleanly based on 
    2. 

  2. 

  3. commit 93e063ee374b6a75729df9e7201fb511e47e259d
    4. 

  4. Author: Christos Zoulas <christos@zoulas.com>
    5. 

  5. Date:   Mon Jun 9 13:04:37 2014 +0000
    6. 

  6. 

  7.     Add missing check offset test (Francisco Alonso, Jan Kaluza at RedHat)
    8. 

  8. 

  9. diff --git a/src/cdf.c b/src/cdf.c
    10. 

  10. index 0bfb31a..c258e82 100644
    11. 

  11. --- a/src/cdf.c
    12. 

  12. +++ b/src/cdf.c
    13. 

  13. @@ -802,7 +802,11 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h,
    14. 

  14.  	if (cdf_check_stream_offset(sst, h, e, 0, __LINE__) == -1)
    15. 

  15.  		goto out;
    16. 

  16.  	for (i = 0; i < sh.sh_properties; i++) {
    17. 

  17. -		size_t ofs = CDF_GETUINT32(p, (i << 1) + 1);
    18. 

  18. +		size_t tail = (i << 1) + 1;
    19. 

  19. +		if (cdf_check_stream_offset(sst, h, p, tail * sizeof(uint32_t),
    20. 

  20. +		    __LINE__) == -1)
    21. 

  21. +			goto out;
    22. 

  22. +		size_t ofs = CDF_GETUINT32(p, tail);
    23. 

  23.  		q = (const uint8_t *)(const void *)
    24. 

  24.  		    ((const char *)(const void *)p + ofs
    25. 

  25.  		    - 2 * sizeof(uint32_t));
    26.