diff options
author | Peter Volkov <pva@gentoo.org> | 2008-04-01 19:34:37 +0000 |
---|---|---|
committer | Peter Volkov <pva@gentoo.org> | 2008-04-01 19:34:37 +0000 |
commit | bb8796e15c027351c1efd407ef1232addbda2be6 (patch) | |
tree | 11030ecbeedb02c36cf8cf234a0723aeac6cefdb /net-print/cups/files | |
parent | amd64 stable, bug #214068 (diff) | |
download | gentoo-2-bb8796e15c027351c1efd407ef1232addbda2be6.tar.gz gentoo-2-bb8796e15c027351c1efd407ef1232addbda2be6.tar.bz2 gentoo-2-bb8796e15c027351c1efd407ef1232addbda2be6.zip |
Fixing overflow in gif image filter, security bug #214068, thank Robert Buchholz for report.
(Portage version: 2.1.4.4)
Diffstat (limited to 'net-print/cups/files')
-rw-r--r-- | net-print/cups/files/cups-1.3.6-CVE-2008-1373.patch | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/net-print/cups/files/cups-1.3.6-CVE-2008-1373.patch b/net-print/cups/files/cups-1.3.6-CVE-2008-1373.patch new file mode 100644 index 000000000000..8a7383f4e096 --- /dev/null +++ b/net-print/cups/files/cups-1.3.6-CVE-2008-1373.patch @@ -0,0 +1,23 @@ +Index: cups-1.3.6/filter/image-gif.c +=================================================================== +--- cups-1.3.6.orig/filter/image-gif.c ++++ cups-1.3.6/filter/image-gif.c +@@ -38,6 +38,8 @@ + #define GIF_INTERLACE 0x40 + #define GIF_COLORMAP 0x80 + ++#define MAX_LWZ_BITS 12 ++ + typedef cups_ib_t gif_cmap_t[256][4]; + typedef short gif_table_t[4096]; + +@@ -462,6 +464,9 @@ gif_read_image(FILE *fp, /* I - + pass = 0; + code_size = getc(fp); + ++ if (code_size > MAX_LWZ_BITS) ++ return (-1); ++ + if (!pixels) + return (-1); + |