Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 137954 Details for
Bug 201570
net-print/cups < 1.2.12-r4 SNMP backend buffer overflow (CVE-2007-5849)
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
cups-SNMP-CVE-2007-5849.patch
cups-SNMP-CVE-2007-5849.patch (text/plain), 935 bytes, created by
Robert Buchholz (RETIRED)
on 2007-12-07 09:32:59 UTC
(
hide
)
Description:
cups-SNMP-CVE-2007-5849.patch
Filename:
MIME Type:
Creator:
Robert Buchholz (RETIRED)
Created:
2007-12-07 09:32:59 UTC
Size:
935 bytes
patch
obsolete
>=================================================================== >--- backend/snmp.c (revision 530) >+++ backend/snmp.c (working copy) >@@ -1064,18 +1064,38 @@ > char *string, /* I - String buffer */ > int strsize) /* I - String buffer size */ >{ >- if (length < strsize) >+ if (length < 0) > { >- memcpy(string, *buffer, length); >+ /* >+ * Disallow negative lengths! >+ */ >+ >+ fprintf(stderr, "ERROR: Bad ASN1 string length %d!\n", length); >+ *string = '\0'; >+ } >+ else if (length < strsize) >+ { >+ /* >+ * String is smaller than the buffer... >+ */ >+ >+ if (length > 0) >+ memcpy(string, *buffer, length); >+ > string[length] = '\0'; > } > else > { >+ /* >+ * String is larger than the buffer... >+ */ >+ > memcpy(string, buffer, strsize - 1); > string[strsize - 1] = '\0'; > } > >- (*buffer) += length; >+ if (length > 0) >+ (*buffer) += length; > > return (string); >}
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=137954">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 201570
:
137954
|
138275
|
138277
|
138279
|
138281
