openbsd-ports/devel/libgtop/patches/patch-src_daemon_gnuserv_c

$OpenBSD: patch-src_daemon_gnuserv_c,v 1.1 2003/05/10 02:46:54 marcm Exp $
--- src/daemon/gnuserv.c.orig	Fri May  9 17:06:45 2003
+++ src/daemon/gnuserv.c	Fri May  9 17:09:13 2003
@@ -200,6 +200,12 @@ permitted (u_long host_addr, int fd)
 
 	auth_data_len = atoi (buf);
 
+	if (auth_data_len < 1 || auth_data_len > sizeof(buf)) {
+		syslog_message(LOG_WARNING,
+			       "Invalid data length supplied by client");
+		return FALSE;
+	}
+
 	if (timed_read (fd, buf, auth_data_len, AUTH_TIMEOUT, 0) != auth_data_len)
 	    return FALSE;
Security fix: addresses remote buffer overflow referenced here: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0928 from MAINTAINER 2003-05-09 22:46:54 -04:00			$OpenBSD: patch-src_daemon_gnuserv_c,v 1.1 2003/05/10 02:46:54 marcm Exp $
			`--- src/daemon/gnuserv.c.orig Fri May 9 17:06:45 2003`
			`+++ src/daemon/gnuserv.c Fri May 9 17:09:13 2003`
			`@@ -200,6 +200,12 @@ permitted (u_long host_addr, int fd)`

			`auth_data_len = atoi (buf);`

			`+ if (auth_data_len < 1 \|\| auth_data_len > sizeof(buf)) {`
			`+ syslog_message(LOG_WARNING,`
			`+ "Invalid data length supplied by client");`
			`+ return FALSE;`
			`+ }`
			`+`
			`if (timed_read (fd, buf, auth_data_len, AUTH_TIMEOUT, 0) != auth_data_len)`
			`return FALSE;`