openbsd-ports/games/freeciv/patches/patch-common_packets_c

$OpenBSD: patch-common_packets_c,v 1.1 2012/12/18 20:09:08 jasper Exp $

Security fix for CVE-2012-5645
freeciv: DoS (memory exhaustion or excessive CPU consumption) via malformed network packets

Backported from:
http://svn.gna.org/viewcvs/freeciv?view=revision&revision=21670

--- common/packets.c.orig	Sat Jul 16 21:12:04 2011
+++ common/packets.c	Tue Dec 18 21:03:04 2012
@@ -363,6 +363,16 @@ void *get_packet_from_connection(struct connection *pc
     return NULL;		/* not all data has been read */
   }
 
+  if (whole_packet_len < header_size) {
+    freelog(LOG_ERROR, "The packet size is reported to be less than header alone. "
+                "The connection will be closed now.");
+    CLOSE_FUN close_callback = close_socket_get_callback();
+    assert(close_callback);
+    (*close_callback) (pc);
+    
+    return NULL;
+  }
+  
 #ifdef USE_COMPRESSION
   if (compressed_packet) {
     uLong compressed_size = whole_packet_len - header_size;