Home Explore Help
Sign In
jimmy
/
ood-ports-lbsd
Watch 1
Star 0
Fork 1
Files Issues 1 Pull Requests 1 Wiki
Tree: a27cb9d239
Branches Tags
ood-ports-lbsd
/
textproc
/
antiword
/
patches
/
patch-wordole_c

patch-wordole_c 703 B
History Raw

1234567891011121314151617181920 
  1. $OpenBSD: patch-wordole_c,v 1.2 2014/12/02 12:22:05 jasper Exp $
    2. 

  2. 

  3. Prevent overflow of atPPSlist[].szName[] (CVE-2014-8123)
    4. 

  4. http://seclists.org/oss-sec/2014/q4/870
    5. 

  5. 

  6. --- wordole.c.orig	Fri Aug 26 20:49:57 2005
    7. 

  7. +++ wordole.c	Mon Dec  1 17:06:15 2014
    8. 

  8. @@ -259,6 +259,11 @@ bGetPPS(FILE *pFile,
    9. 

  9.  		}
    10. 

  10.  		tNameSize = (size_t)usGetWord(0x40, aucBytes);
    11. 

  11.  		tNameSize = (tNameSize + 1) / 2;
    12. 

  12. +		if (tNameSize >= sizeof(atPPSlist[0].szName)) {
    13. 

  13. +			werr(0, "PPS %d appears to be invalid.", iIndex);
    14. 

  14. +			atPPSlist = xfree(atPPSlist);
    15. 

  15. +			return FALSE;
    16. 

  16. +		}
    17. 

  17.  		vName2String(atPPSlist[iIndex].szName, aucBytes, tNameSize);
    18. 

  18.  		atPPSlist[iIndex].ucType = ucGetByte(0x42, aucBytes);
    19. 

  19.  		if (atPPSlist[iIndex].ucType == 5) {
    20. 

  20.