Security fix for CVE-2014-2892, heap-based buffer overflow
parent
f776d36af0
commit
6e0861d267
@ -1,11 +1,11 @@
|
||||
# $OpenBSD: Makefile,v 1.9 2013/03/21 08:46:33 ajacoutot Exp $
|
||||
# $OpenBSD: Makefile,v 1.10 2014/05/22 11:53:36 jasper Exp $
|
||||
|
||||
COMMENT = library for parsing mms:// and mmsh:// type network streams
|
||||
|
||||
DISTNAME = libmms-0.6.2
|
||||
CATEGORIES = multimedia net
|
||||
MASTER_SITES = ${MASTER_SITE_SOURCEFORGE:=libmms/}
|
||||
REVISION= 0
|
||||
REVISION= 1
|
||||
|
||||
SHARED_LIBS = mms 1.0 #0.2
|
||||
|
||||
|
@ -1,5 +1,2 @@
|
||||
MD5 (libmms-0.6.2.tar.gz) = n2OqNj3rSHTgcqRYUBYb/w==
|
||||
RMD160 (libmms-0.6.2.tar.gz) = wb+J90YOwgircYBRDbs2c9Z96lo=
|
||||
SHA1 (libmms-0.6.2.tar.gz) = ze9i/RoOJYXdIRH8lLAy+EKQ41E=
|
||||
SHA256 (libmms-0.6.2.tar.gz) = AZMbYhctfXBQ/J75sbZBYvO26fbMRBUXAZKjKgt+pDI=
|
||||
SIZE (libmms-0.6.2.tar.gz) = 340230
|
||||
|
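--- /dev/null
+++ b/multimedia/libmms/patches/patch-src_mmsh_c
@@ -0,0 +1,19 @@
+$OpenBSD: patch-src_mmsh_c,v 1.1 2014/05/22 11:53:36 jasper Exp $
+
+Security fix for CVE-2014-2892, heap-based buffer overflow
+http://sourceforge.net/p/libmms/code/ci/03bcfccc22919c72742b7338d02859962861e0e8
+
+--- src/mmsh.c.orig Thu May 22 13:47:18 2014
++++ src/mmsh.c Thu May 22 13:48:30 2014
+@@ -307,7 +307,10 @@ static int get_answer (mms_io_t *io, mmsh_t *this) {
+len = 0;
+}
+} else {
+- len ++;
++ if (++len >= sizeof(this->buf)) {
++ lprintf("answer too large\n");
++ return 0;
++ }
+}
+}
+if (this->stream_type == MMSH_UNKNOWN) {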
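Review bot: The added guard in the `else` branch compares `++len` with `sizeof(this->buf)`, which is a `size_t`; if `len` is a signed `int` (its declaration is outside this hunk) the comparison is mixed-sign, and the increment is hidden inside the condition. Splitting it reads more clearly and keeps `-Wsign-compare` quiet: `len++;` followed by `if ((size_t)len >= sizeof(this->buf)) {`. A one-line comment above the check, such as `/* keep len a valid index into this->buf (CVE-2014-2892) */`, would record why the limit exists for whoever next touches this loop. `get_answer` starts and ends outside the hunk, so whether every caller treats the new `return 0` as a failed request cannot be confirmed from here.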