Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12:GA
libmms
CVE-2014-2892.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2014-2892.patch of Package libmms
commit 03bcfccc22919c72742b7338d02859962861e0e8 Author: blutomat <blutomat@gmail.com> Date: Tue Apr 8 21:06:24 2014 -0600 Fix a possible heap memory overrun in get_answer(). Reported by Alex Chapman <acctxis@users.sf.net>. diff --git a/src/mmsh.c b/src/mmsh.c old mode 100644 new mode 100755 index a0928db..a019f05 --- a/src/mmsh.c +++ b/src/mmsh.c @@ -310,7 +310,10 @@ static int get_answer (mms_io_t *io, mmsh_t *this) { len = 0; } } else { - len ++; + if (++len >= sizeof(this->buf)) { + lprintf("answer too large\n"); + return 0; + } } } if (this->stream_type == MMSH_UNKNOWN) {
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor