Security fix for CAN-2005-2370

"Multiple "memory alignment errors" in libgadu, as used in ekg before 1.6rc2 and other packages, allows remote attackers to cause a denial of service (bus error) on certain architectures such as SPARC via an incoming message." Bump PKGREVISION, patch from Gaim CVS.
author: salo <salo@pkgsrc.org> 2005-08-05 14:33:53 +0000
committer: salo <salo@pkgsrc.org> 2005-08-05 14:33:53 +0000
commit: 4b8982cf8f75b002169cbb36a517a814758780f0 (patch)
tree: b3b3876f6fc3fdef3d2da39c487305cc6f487bb6 /chat/gaim/patches
parent: 4e7d7334f71dfade234ddb51c524fb7db4e66235 (diff)
download: pkgsrc-4b8982cf8f75b002169cbb36a517a814758780f0.tar.gz
1 files changed, 20 insertions, 0 deletions
diff --git a/chat/gaim/patches/patch-ae b/chat/gaim/patches/patch-ae
new file mode 100644
index 00000000000..c6ad1d130db
--- /dev/null
+++ b/chat/gaim/patches/patch-ae
@@ -0,0 +1,20 @@
+$NetBSD: patch-ae,v 1.3 2005/08/05 14:33:53 salo Exp $
+
+Fix for CAN-2005-2370, from Gaim CVS.
+
+--- src/protocols/gg/libgg.c.orig	2005-03-02 12:53:57.000000000 +0100
++++ src/protocols/gg/libgg.c	2005-08-05 15:38:42.000000000 +0200
+@@ -1098,8 +1098,11 @@
+ 
+ 			    e->event.status60.descr = buf;
+ 
+-			    if (len > 4 && p[h->length - 5] == 0)
+-				    e->event.status60.time = *((int*) (p + h->length - 4));
++			    if (len > 4 && p[h->length - 5] == 0) {
++				    uint32_t t;
++				    memcpy(&t, p + h->length - 4, sizeof(uint32_t));
++				    e->event.status60.time = t;
++			    }
+ 		    }
+ 
+ 		    break;
author	salo <salo@pkgsrc.org>	2005-08-05 14:33:53 +0000
committer	salo <salo@pkgsrc.org>	2005-08-05 14:33:53 +0000
commit	4b8982cf8f75b002169cbb36a517a814758780f0 (patch)
tree	b3b3876f6fc3fdef3d2da39c487305cc6f487bb6 /chat/gaim/patches
parent	4e7d7334f71dfade234ddb51c524fb7db4e66235 (diff)
download	pkgsrc-4b8982cf8f75b002169cbb36a517a814758780f0.tar.gz