pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/multimedia/xine-lib Add missing bound check in HTTP Pl...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/8c2852e59d6e
branches:  trunk
changeset: 515297:8c2852e59d6e
user:      tron <tron%pkgsrc.org@localhost>
date:      Fri Jun 30 13:51:40 2006 +0000

description:
Add missing bound check in HTTP Plugin "xineplug_inp_http.so".
This fixes the vulnerability reported in CVE-2006-2802.

diffstat:

 multimedia/xine-lib/Makefile         |   4 ++--
 multimedia/xine-lib/distinfo         |   3 ++-
 multimedia/xine-lib/patches/patch-az |  14 ++++++++++++++
 3 files changed, 18 insertions(+), 3 deletions(-)

diffs (49 lines):

diff -r 12f771e6a701 -r 8c2852e59d6e multimedia/xine-lib/Makefile
--- a/multimedia/xine-lib/Makefile      Fri Jun 30 13:47:06 2006 +0000
+++ b/multimedia/xine-lib/Makefile      Fri Jun 30 13:51:40 2006 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.37 2006/06/12 16:28:13 wiz Exp $
+# $NetBSD: Makefile,v 1.38 2006/06/30 13:51:40 tron Exp $
 
 .include "Makefile.common"
 
-PKGREVISION=           9
+PKGREVISION=           10
 
 COMMENT=               Multimedia player library
 
diff -r 12f771e6a701 -r 8c2852e59d6e multimedia/xine-lib/distinfo
--- a/multimedia/xine-lib/distinfo      Fri Jun 30 13:47:06 2006 +0000
+++ b/multimedia/xine-lib/distinfo      Fri Jun 30 13:51:40 2006 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.31 2006/06/26 17:13:36 wiz Exp $
+$NetBSD: distinfo,v 1.32 2006/06/30 13:51:40 tron Exp $
 
 SHA1 (xine-lib-1.0.3a.tar.gz) = 2efe9bc3d85659731e8c679d2c60901a6101f17b
 RMD160 (xine-lib-1.0.3a.tar.gz) = 335abfaa46c4592a22246f75c3a455cd87b7cdc4
@@ -28,6 +28,7 @@
 SHA1 (patch-aw) = 78ab44197a6b9f85e4b272d522ce254de4d557dc
 SHA1 (patch-ax) = 18101c0a19f510455496fc75a10eebf3b28acde9
 SHA1 (patch-ay) = 9e2a551de0cf00b4801809b9893734e0d63878ce
+SHA1 (patch-az) = e2d392fb295d51d90dc5fa6b672bcac9dcd5a04f
 SHA1 (patch-ba) = c4a5fbe9d88d21a90fe01359ace7831f2a865c86
 SHA1 (patch-bb) = 40978e50dcb060a2b8314b310a68684e62e90bc2
 SHA1 (patch-bd) = 5352293022da25b08598d42655af2524ff99b28a
diff -r 12f771e6a701 -r 8c2852e59d6e multimedia/xine-lib/patches/patch-az
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/multimedia/xine-lib/patches/patch-az      Fri Jun 30 13:51:40 2006 +0000
@@ -0,0 +1,14 @@
+$NetBSD: patch-az,v 1.1 2006/06/30 13:51:40 tron Exp $
+
+--- src/input/input_http.c     2006-06-30 14:18:35.000000000 +0100
++++ src/input/input_http.c.orig        2005-07-17 22:49:59.000000000 +0100
+@@ -765,7 +765,8 @@
+        printf ("input_http: read...\n");
+     */
+ 
+-    if (_x_io_tcp_read (this->stream, this->fh, &this->buf[len], 1) <= 0) {
++    if (len == sizeof(this->buf) ||
++        _x_io_tcp_read (this->stream, this->fh, &this->buf[len], 1) <= 0) {
+       return 0;
+     }
+ 
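Review bot: The new guard in the input_http.c hunk tests `len == sizeof(this->buf)`, which stops the one-byte read only when `len` lands exactly on the buffer size; `len >= sizeof(this->buf)` would be the more defensive comparison in case `len` ever ends up past the end by another path. The check still lets the read fill the last element, `this->buf[sizeof(this->buf) - 1]`, and the code that follows the read is outside the context shown, so if that code writes a terminator after the byte just read, the limit needs to be `sizeof(this->buf) - 1`. The check also depends on `this->buf` being an array rather than a pointer, which the hunk does not show and is worth confirming against the struct declaration. Separately, the embedded patch headers look swapped: the `---` line names `src/input/input_http.c` with the 2006 timestamp and the `+++` line names `src/input/input_http.c.orig` with the 2005 one, while the hunk body runs old to new, so the `.orig` file belongs on the `---` line.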


