Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 138873 Details for
Bug 105780
games-fps/uhexen2 (New Package)
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
hexenworld Huffman vulnerability fix for uhexen2-1.4.2
HoT-1.4.2-fix-Huffman-vulnerability.patch (text/plain), 1.65 KB, created by
O.Sezer
on 2007-12-19 08:04:33 UTC
(
hide
)
Description:
hexenworld Huffman vulnerability fix for uhexen2-1.4.2
Filename:
MIME Type:
Creator:
O.Sezer
Created:
2007-12-19 08:04:33 UTC
Size:
1.65 KB
patch
obsolete
>fix issue announced at http://secunia.com/advisories/28124/ >the fix is already in the CVS for quite some time and will >be intergrated in the next release 1.4.3. > >diff -urNp hexen2source-1.4.2/hexenworld/Client/huffman.c hexen2source-1.4.2r1/hexenworld/Client/huffman.c >--- hexen2source-1.4.2/hexenworld/Client/huffman.c 2007-10-02 12:36:27.000000000 +0300 >+++ hexen2source-1.4.2r1/hexenworld/Client/huffman.c 2007-12-19 09:31:41.000000000 +0200 >@@ -226,15 +226,23 @@ void HuffDecode (unsigned char *in, unsi > int bits, tbits; > huffnode_t *tmp; > >+ --inlen; >+ if (inlen < 0) >+ { >+ *outlen = 0; >+ return; >+ } > if (*in == 0xff) > { >- if (inlen > 1) >- memcpy (out, in+1, inlen-1); >- *outlen = inlen-1; >+ if (inlen > maxlen) >+ memcpy (out, in+1, maxlen); >+ else if (inlen) >+ memcpy (out, in+1, inlen); >+ *outlen = inlen; > return; > } > >- tbits = (inlen-1)*8 - *in; >+ tbits = inlen*8 - *in; > bits = 0; > *outlen = 0; > >diff -urNp hexen2source-1.4.2/hw_utils/hwrcon/huffman.c hexen2source-1.4.2r1/hw_utils/hwrcon/huffman.c >--- hexen2source-1.4.2/hw_utils/hwrcon/huffman.c 2007-10-02 12:36:29.000000000 +0300 >+++ hexen2source-1.4.2r1/hw_utils/hwrcon/huffman.c 2007-12-19 09:32:07.000000000 +0200 >@@ -227,15 +227,23 @@ void HuffDecode (unsigned char *in, unsi > int bits, tbits; > huffnode_t *tmp; > >+ --inlen; >+ if (inlen < 0) >+ { >+ *outlen = 0; >+ return; >+ } > if (*in == 0xff) > { >- if (inlen > 1) >- memcpy (out, in+1, inlen-1); >- *outlen = inlen-1; >+ if (inlen > maxlen) >+ memcpy (out, in+1, maxlen); >+ else if (inlen) >+ memcpy (out, in+1, inlen); >+ *outlen = inlen; > return; > } > >- tbits = (inlen-1)*8 - *in; >+ tbits = inlen*8 - *in; > bits = 0; > *outlen = 0; >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=138873">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 105780
:
68340
|
72902
|
80515
|
85626
|
85671
|
90927
|
90928
|
90933
|
90945
|
94348
|
94404
|
101611
|
101681
|
101868
|
101980
|
116099
|
120877
|
120879
|
120881
|
126038
|
132502
|
132585
|
138873
|
148930
|
178887
|
240087
|
240127
|
290585
|
290643
|
290741
|
290743
|
308485
|
396606
|
401802
|
402094
