Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 155169 Details for
Bug 224051
net-nntp/pan <0.132-r3 Buffer overflow parsing *.nzb files (CVE-2008-2363)
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch from RedHat bugzilla
pan-0.132-parts-fix.patch (text/plain), 2.69 KB, created by
Arun Raghavan (RETIRED)
on 2008-06-01 21:57:46 UTC
(
hide
)
Description:
patch from RedHat bugzilla
Filename:
MIME Type:
Creator:
Arun Raghavan (RETIRED)
Created:
2008-06-01 21:57:46 UTC
Size:
2.69 KB
patch
obsolete
>diff -ur --exclude 'config*' --exclude '*desktop' --exclude '*list' pan-0.132.inc/pan/data/parts.cc pan-0.132/pan/data/parts.cc >--- pan-0.132.inc/pan/data/parts.cc 2007-08-01 13:00:01.000000000 -0400 >+++ pan-0.132/pan/data/parts.cc 2008-05-27 22:27:03.000000000 -0400 >@@ -303,8 +303,7 @@ > this->n_parts_total = n_parts_total; > this->n_parts_found = 0; // they haven't been added yet > >- if (n_parts_found > parts.size()) >- parts.resize (n_parts_found); >+ parts.clear(); > } > > void >@@ -312,21 +311,10 @@ > const StringView & mid, > bytes_t bytes) > { >- if (n_parts_found >= parts.size()) >- parts.resize (n_parts_found+1); >- >- Part& p = *(&parts.front() + n_parts_found++); >- p.number = number; >- p.bytes = bytes; > > Packer packer; > pack_message_id (packer, mid, reference_mid); >- p.len_used = packer.size (); >- if (p.len_alloced < p.len_used) { >- delete [] p.packed_mid; >- p.packed_mid = new char [p.len_used]; >- p.len_alloced = p.len_used; >- } >+ Part p(number,bytes,packer.size()); > packer.pack (p.packed_mid); > packed_mids_len += p.len_used; > >@@ -337,8 +325,9 @@ > assert (mid == tmp); > #endif > >- if (n_parts_total < n_parts_found) >+ if (n_parts_total < ++n_parts_found) > n_parts_total = n_parts_found; >+ parts.push_back(p); > } > > PartBatch :: Part& >@@ -346,7 +335,7 @@ > { > number = that.number; > bytes = that.bytes; >- len_used = len_alloced = that.len_used; >+ len_used = that.len_used; > delete [] packed_mid; > packed_mid = new char [len_used]; > memcpy (packed_mid, that.packed_mid, len_used); >@@ -357,11 +346,17 @@ > number (that.number), > bytes (that.bytes), > len_used (that.len_used), >- len_alloced (that.len_used), > packed_mid (new char [len_used]) > { > memcpy (packed_mid, that.packed_mid, len_used); > } >+PartBatch :: Part :: Part (number_t n, bytes_t b, size_t l): >+ number(n), >+ bytes(b), >+ len_used(l), >+ packed_mid(new char [len_used]) >+{ >+} > > void > PartBatch :: sort (void) >diff -ur --exclude 'config*' --exclude '*desktop' --exclude '*list' pan-0.132.inc/pan/data/parts.h pan-0.132/pan/data/parts.h >--- pan-0.132.inc/pan/data/parts.h 2007-08-01 13:00:01.000000000 -0400 >+++ pan-0.132/pan/data/parts.h 2008-05-27 22:27:03.000000000 -0400 >@@ -141,10 +141,10 @@ > number_t number; > bytes_t bytes; > size_t len_used; >- size_t len_alloced; > char * packed_mid; > Part(): number(0), bytes(0), >- len_used(0), len_alloced(0), packed_mid(0) {} >+ len_used(0), packed_mid(0) {} >+ Part(number_t n, bytes_t b, size_t l); > ~Part() { delete [] packed_mid; } > Part (const Part&); > Part& operator= (const Part&);
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 224051
: 155169