authortron <tron>2006-06-30 13:51:40 +0000
committertron <tron>2006-06-30 13:51:40 +0000
commitcc0c9d58e8c3ceb1934bdc6140da96783841925c (patch)
tree177ba6f5cdfb1058ca3d7b15f31b208217571f28 /multimedia/xine-lib/patches
parent952152bf8eb45df7b8e9067daa3486a556c9fbea (diff)
Add missing bound check in HTTP Plugin "xineplug_inp_http.so".
This fixes the vulnerability reported in CVE-2006-2802.
Diffstat (limited to 'multimedia/xine-lib/patches')
-rw-r--r--multimedia/xine-lib/patches/patch-az14
1 files changed, 14 insertions, 0 deletions
diff --git a/multimedia/xine-lib/patches/patch-az b/multimedia/xine-lib/patches/patch-az
new file mode 100644
index 00000000000..f9906e8826d
--- /dev/null
+++ b/multimedia/xine-lib/patches/patch-az
@@ -0,0 +1,14 @@
+$NetBSD: patch-az,v 1.1 2006/06/30 13:51:40 tron Exp $
+
+--- src/input/input_http.c 2006-06-30 14:18:35.000000000 +0100
++++ src/input/input_http.c.orig 2005-07-17 22:49:59.000000000 +0100
+@@ -765,7 +765,8 @@
+ printf ("input_http: read...\n");
+ */
+
+- if (_x_io_tcp_read (this->stream, this->fh, &this->buf[len], 1) <= 0) {
++ if (len == sizeof(this->buf) ||
++ _x_io_tcp_read (this->stream, this->fh, &this->buf[len], 1) <= 0) {
+ return 0;
+ }
+
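Review bot: The new guard in the embedded hunk tests `len == sizeof(this->buf)`, which only acts as a bound if `len` advances by exactly one per pass and can never already be past the end of the buffer. A range test such as `if (len < 0 || (size_t)len >= sizeof(this->buf) ||` fails closed in both cases and avoids relying on the implicit signed-to-unsigned conversion. The declarations of `len` and `this->buf` and the enclosing read loop are outside the hunk, so this assumes `buf` is an array member rather than a pointer (otherwise `sizeof` would not give the buffer size). Separately, the embedded patch's header lines look swapped: `---` names `src/input/input_http.c` with the 2006 timestamp and `+++` names `src/input/input_http.c.orig` with the 2005 one, although the hunk body itself runs in the forward direction. Regenerating the patch with the `.orig` file on the `---` side would remove the ambiguity.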