Gentoo's Bugzilla – Attachment 138279 Details for Bug 201570: net-print/cups < 1.2.12-r4 SNMP backend buffer overflow (CVE-2007-5849)
cups-CVE-2007-5849.patch (text/plain), 1017 bytes, created by Timo Gurr (RETIRED) on 2007-12-11 21:26:22 UTC
>diff -Naur cups-1.3.4/backend/snmp.c cups-1.3.4.new/backend/snmp.c >--- cups-1.3.4/backend/snmp.c 2007-07-11 23:46:42.000000000 +0200 >+++ cups-1.3.4.new/backend/snmp.c 2007-12-10 12:56:12.680574919 +0100 >@@ -1064,18 +1064,38 @@ > char *string, /* I - String buffer */ > int strsize) /* I - String buffer size */ > { >- if (length < strsize) >+ if (length < 0) > { >- memcpy(string, *buffer, length); >+ /* >+ * Disallow negative lengths! >+ */ >+ >+ fprintf(stderr, "ERROR: Bad ASN1 string length %d!\n", length); >+ *string = '\0'; >+ } >+ else if (length < strsize) >+ { >+ /* >+ * String is smaller than the buffer... >+ */ >+ >+ if (length > 0) >+ memcpy(string, *buffer, length); >+ > string[length] = '\0'; > } > else > { >+ /* >+ * String is larger than the buffer... >+ */ >+ > memcpy(string, buffer, strsize - 1); > string[strsize - 1] = '\0'; > } > >- (*buffer) += length; >+ if (length > 0) >+ (*buffer) += length; > > return (string); > }
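Review bot: In the "String is larger than the buffer" branch, the unchanged line `memcpy(string, buffer, strsize - 1);` copies from `buffer` (the pointer-to-pointer) rather than `*buffer`, so the truncated string is filled from the bytes of the pointer variable and whatever follows it, not from the packet data. The short-string branch already uses `*buffer`; this branch should read `memcpy(string, *buffer, strsize - 1);`. Since the patch adds a comment to this branch anyway, the fix belongs in the same change. Separately, the new negative-length path only prints to stderr and returns an empty string, which the caller cannot tell apart from a legitimately empty ASN.1 string. If the callers can handle it, returning an error indication would let them stop parsing the packet instead of continuing with `*buffer` left unadvanced.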