authorPeter Volkov <pva@gentoo.org>2008-04-01 19:34:37 +0000
committerPeter Volkov <pva@gentoo.org>2008-04-01 19:34:37 +0000
commitbb8796e15c027351c1efd407ef1232addbda2be6 (patch)
tree11030ecbeedb02c36cf8cf234a0723aeac6cefdb /net-print/cups/files
parentamd64 stable, bug #214068 (diff)
Fixing overflow in GIF image filter, security bug #214068; thanks to Robert Buchholz for the report.
(Portage version: 2.1.4.4)
Diffstat (limited to 'net-print/cups/files')
-rw-r--r--net-print/cups/files/cups-1.3.6-CVE-2008-1373.patch23
1 files changed, 23 insertions, 0 deletions
diff --git a/net-print/cups/files/cups-1.3.6-CVE-2008-1373.patch b/net-print/cups/files/cups-1.3.6-CVE-2008-1373.patch
new file mode 100644
index 000000000000..8a7383f4e096
--- /dev/null
+++ b/net-print/cups/files/cups-1.3.6-CVE-2008-1373.patch
@@ -0,0 +1,23 @@
+Index: cups-1.3.6/filter/image-gif.c
+===================================================================
+--- cups-1.3.6.orig/filter/image-gif.c
++++ cups-1.3.6/filter/image-gif.c
+@@ -38,6 +38,8 @@
+ #define GIF_INTERLACE 0x40
+ #define GIF_COLORMAP 0x80
+
++#define MAX_LWZ_BITS 12
++
+ typedef cups_ib_t gif_cmap_t[256][4];
+ typedef short gif_table_t[4096];
+
+@@ -462,6 +464,9 @@ gif_read_image(FILE *fp, /* I -
+ pass = 0;
+ code_size = getc(fp);
+
++ if (code_size > MAX_LWZ_BITS)
++ return (-1);
++
+ if (!pixels)
+ return (-1);
+
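Review bot: The new guard in gif_read_image() rejects only values above MAX_LWZ_BITS, so the EOF that getc() returns on a truncated file (a negative value, assuming code_size is an int; its declaration is outside the hunk) still passes the check and reaches the decoder. Bounding both sides closes that: `if (code_size < 0 || code_size > MAX_LWZ_BITS) return (-1);`. Whether the boundary value 12 itself is safe depends on how the LZW reader sizes its tables against `gif_table_t[4096]`, which this hunk does not show, so it is worth confirming (GIF codes are at most 12 bits, and the byte read here is the minimum code size, which a decoder normally grows by one). The new `#define MAX_LWZ_BITS 12` would also benefit from a comment such as `/* Largest LZW code size accepted from the file */`. gif_read_image's body continues outside the hunk.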