[gentoo-commits] gentoo-x86 commit in net-im/tmsnc/files: tmsnc-UBX-buffer-overflow-CVE-2008-2828.patch

public inbox for gentoo-commits@lists.gentoo.org
 help / color / mirror / Atom feed

* [gentoo-commits] gentoo-x86 commit in net-im/tmsnc/files: tmsnc-UBX-buffer-overflow-CVE-2008-2828.patch
@ 2008-10-04 19:05 Robert Buchholz (rbu)
  0 siblings, 0 replies; 3+ messages in thread
From: Robert Buchholz (rbu) @ 2008-10-04 19:05 UTC (permalink / raw
  To: gentoo-commits

rbu         08/10/04 19:05:59

  Added:                tmsnc-UBX-buffer-overflow-CVE-2008-2828.patch
  Log:
  Fix stack based buffer overflow (security bug #229157)
  (Portage version: 2.2_rc11/cvs/Linux 2.6.25-gentoo-r6 x86_64)

Revision  Changes    Path
1.1                  net-im/tmsnc/files/tmsnc-UBX-buffer-overflow-CVE-2008-2828.patch

file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-im/tmsnc/files/tmsnc-UBX-buffer-overflow-CVE-2008-2828.patch?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-im/tmsnc/files/tmsnc-UBX-buffer-overflow-CVE-2008-2828.patch?rev=1.1&content-type=text/plain

Index: tmsnc-UBX-buffer-overflow-CVE-2008-2828.patch
===================================================================
--- core_net.c	2006-10-17 13:09:56.000000000 +0200
+++ core_net.c.new	2008-06-20 14:59:42.000000000 +0200
@@ -845,11 +845,14 @@
             i = atoi(ptr[0]);
             free(ptr[0]);
 
+	    if(i < 0 || i > sizeof(buf) - 1)
+	        i = sizeof(buf) - 1;
 	    if (read(session->sd, buf, i) != i) {
                 strncpy(message, "Couldn't read UBX payload",
                         message_len - 1);
                 return -1;
             }
+	    buf[sizeof(buf) - 1] = 0;
 	    // parsing PSM, by gfhuang
 	    if(0 == i) buf[0] = 0;	//important, by gfhuang, when i=0, buf is untouched!
 






^ permalink raw reply	[flat|nested] 3+ messages in thread

* [gentoo-commits] gentoo-x86 commit in net-im/tmsnc/files: tmsnc-UBX-buffer-overflow-CVE-2008-2828.patch
@ 2008-10-04 19:09 Robert Buchholz (rbu)
  0 siblings, 0 replies; 3+ messages in thread
From: Robert Buchholz (rbu) @ 2008-10-04 19:09 UTC (permalink / raw
  To: gentoo-commits

rbu         08/10/04 19:09:40

  Modified:             tmsnc-UBX-buffer-overflow-CVE-2008-2828.patch
  Log:
  whoops, fix patch
  (Portage version: 2.2_rc11/cvs/Linux 2.6.25-gentoo-r6 x86_64)

Revision  Changes    Path
1.2                  net-im/tmsnc/files/tmsnc-UBX-buffer-overflow-CVE-2008-2828.patch

file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-im/tmsnc/files/tmsnc-UBX-buffer-overflow-CVE-2008-2828.patch?rev=1.2&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-im/tmsnc/files/tmsnc-UBX-buffer-overflow-CVE-2008-2828.patch?rev=1.2&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-im/tmsnc/files/tmsnc-UBX-buffer-overflow-CVE-2008-2828.patch?r1=1.1&r2=1.2

Index: tmsnc-UBX-buffer-overflow-CVE-2008-2828.patch
===================================================================
RCS file: /var/cvsroot/gentoo-x86/net-im/tmsnc/files/tmsnc-UBX-buffer-overflow-CVE-2008-2828.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- tmsnc-UBX-buffer-overflow-CVE-2008-2828.patch	4 Oct 2008 19:05:58 -0000	1.1
+++ tmsnc-UBX-buffer-overflow-CVE-2008-2828.patch	4 Oct 2008 19:09:39 -0000	1.2
@@ -1,5 +1,5 @@
---- core_net.c	2006-10-17 13:09:56.000000000 +0200
-+++ core_net.c.new	2008-06-20 14:59:42.000000000 +0200
+--- src/core_net.c	2006-10-17 13:09:56.000000000 +0200
++++ src/core_net.c.new	2008-06-20 14:59:42.000000000 +0200
 @@ -845,11 +845,14 @@
              i = atoi(ptr[0]);
              free(ptr[0]);






^ permalink raw reply	[flat|nested] 3+ messages in thread

* [gentoo-commits] gentoo-x86 commit in net-im/tmsnc/files: tmsnc-UBX-buffer-overflow-CVE-2008-2828.patch
@ 2009-03-01 21:01 Olivier Crete (tester)
  0 siblings, 0 replies; 3+ messages in thread
From: Olivier Crete (tester) @ 2009-03-01 21:01 UTC (permalink / raw
  To: gentoo-commits

tester      09/03/01 21:01:47

  Removed:              tmsnc-UBX-buffer-overflow-CVE-2008-2828.patch
  Log:
  Remove net-im/tsmnc, bug #240045



^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2009-03-01 21:01 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-10-04 19:09 [gentoo-commits] gentoo-x86 commit in net-im/tmsnc/files: tmsnc-UBX-buffer-overflow-CVE-2008-2828.patch Robert Buchholz (rbu)
  -- strict thread matches above, loose matches on Subject: below --
2009-03-01 21:01 Olivier Crete (tester)
2008-10-04 19:05 Robert Buchholz (rbu)

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox