| 1234567891011121314151617181920212223242526272829303132333435363738 |
- Description: Filename buffer overflow fix
- This patch fixes a security hole by a bad buffer size handling.
- Author: Roland Stigge <stigge@antcom.de>
- Bug-Debian: http://bugs.debian.org/645118
- --- a/src/libjasper/include/jasper/jas_stream.h
- +++ b/src/libjasper/include/jasper/jas_stream.h
- @@ -77,6 +77,7 @@
- #include <jasper/jas_config.h>
-
- #include <stdio.h>
- +#include <limits.h>
- #if defined(JAS_HAVE_FCNTL_H)
- #include <fcntl.h>
- #endif
- @@ -99,6 +100,12 @@ extern "C" {
- #define O_BINARY 0
- #endif
-
- +#ifdef PATH_MAX
- +#define JAS_PATH_MAX PATH_MAX
- +#else
- +#define JAS_PATH_MAX 4096
- +#endif
- +
- /*
- * Stream open flags.
- */
- @@ -251,7 +258,7 @@ typedef struct {
- typedef struct {
- int fd;
- int flags;
- - char pathname[L_tmpnam + 1];
- + char pathname[JAS_PATH_MAX + 1];
- } jas_stream_fileobj_t;
-
- #define JAS_STREAM_FILEOBJ_DELONCLOSE 0x01
|
