cpet/freebsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

- Fix buffer overflow vulnerability.

Browse Source 
- Bump PORTREVISION

Approved by:	simon (secteam)
Security:	http://www.vuxml.org/freebsd/0e43a14d-3f3f-11dc-a79a-0016179b2dd5.html
This commit is contained in:
Martin Wilke 2007-07-31 13:27:00 +00:00
parent 8f6f0ed784
commit c4c6d40438
Notes: svn2git 2021-03-31 03:12:20 +00:00 
svn path=/head/; revision=196823
2 changed files with 24 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
print/cups-base/Makefile
View File

@ -7,7 +7,7 @@
PORTNAME= cups
PORTVERSION= 1.2.11
PORTREVISION= 2
PORTREVISION= 3
DISTVERSIONSUFFIX= -source
CATEGORIES= print
MASTER_SITES= EASYSW/${PORTNAME}/${DISTVERSION}

23
print/cups-base/files/patch-CVE-2007-3387 Normal file
View File

@ -0,0 +1,23 @@
--- pdftops/Stream.cxx.orig 2006-02-13 04:08:11.000000000 +0100
+++ pdftops/Stream.cxx 2007-07-31 15:05:53.000000000 +0200
@@ -411,15 +411,13 @@
ok = gFalse;
nVals = width * nComps;
- if (width <= 0 || nComps <= 0 || nBits <= 0 ||
- nComps >= INT_MAX / nBits ||
- width >= INT_MAX / nComps / nBits ||
- nVals * nBits + 7 < 0) {
- return;
- }
pixBytes = (nComps * nBits + 7) >> 3;
rowBytes = ((nVals * nBits + 7) >> 3) + pixBytes;
- if (rowBytes <= 0) {
+ if (width <= 0 || nComps <= 0 || nBits <= 0 ||
+ nComps > gfxColorMaxComps ||
+ nBits > 16 ||
+ width >= INT_MAX / nComps || // check for overflow in nVals
+ nVals >= (INT_MAX - 7) / nBits) { // check for overflow in rowBytes
return;
}
predLine = (Guchar *)gmalloc(rowBytes);