diff options
| author | tron <tron@pkgsrc.org> | 2006-06-30 13:51:40 +0000 |
|---|---|---|
| committer | tron <tron@pkgsrc.org> | 2006-06-30 13:51:40 +0000 |
| commit | 4a8936affa97f6673ca9dbe89c4556382283818a (patch) | |
| tree | 177ba6f5cdfb1058ca3d7b15f31b208217571f28 /multimedia | |
| parent | 7f23278ad40b3f621421911bd5d4c4cdfdd0651f (diff) | |
| download | pkgsrc-4a8936affa97f6673ca9dbe89c4556382283818a.tar.gz | |
Add missing bound check in HTTP Plugin "xineplug_inp_http.so".
This fixes the vulnerability reported in CVE-2006-2802.
Diffstat (limited to 'multimedia')
| -rw-r--r-- | multimedia/xine-lib/Makefile | 4 | ||||
| -rw-r--r-- | multimedia/xine-lib/distinfo | 3 | ||||
| -rw-r--r-- | multimedia/xine-lib/patches/patch-az | 14 |
3 files changed, 18 insertions, 3 deletions
diff --git a/multimedia/xine-lib/Makefile b/multimedia/xine-lib/Makefile index 3b0f860159d..d5424027ae5 100644 --- a/multimedia/xine-lib/Makefile +++ b/multimedia/xine-lib/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.37 2006/06/12 16:28:13 wiz Exp $ +# $NetBSD: Makefile,v 1.38 2006/06/30 13:51:40 tron Exp $ .include "Makefile.common" -PKGREVISION= 9 +PKGREVISION= 10 COMMENT= Multimedia player library diff --git a/multimedia/xine-lib/distinfo b/multimedia/xine-lib/distinfo index 8bc7c9a1e63..021a680e08e 100644 --- a/multimedia/xine-lib/distinfo +++ b/multimedia/xine-lib/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.31 2006/06/26 17:13:36 wiz Exp $ +$NetBSD: distinfo,v 1.32 2006/06/30 13:51:40 tron Exp $ SHA1 (xine-lib-1.0.3a.tar.gz) = 2efe9bc3d85659731e8c679d2c60901a6101f17b RMD160 (xine-lib-1.0.3a.tar.gz) = 335abfaa46c4592a22246f75c3a455cd87b7cdc4 @@ -28,6 +28,7 @@ SHA1 (patch-av) = 635ec9b332cacc02882822d8f78871f1d9377d27 SHA1 (patch-aw) = 78ab44197a6b9f85e4b272d522ce254de4d557dc SHA1 (patch-ax) = 18101c0a19f510455496fc75a10eebf3b28acde9 SHA1 (patch-ay) = 9e2a551de0cf00b4801809b9893734e0d63878ce +SHA1 (patch-az) = e2d392fb295d51d90dc5fa6b672bcac9dcd5a04f SHA1 (patch-ba) = c4a5fbe9d88d21a90fe01359ace7831f2a865c86 SHA1 (patch-bb) = 40978e50dcb060a2b8314b310a68684e62e90bc2 SHA1 (patch-bd) = 5352293022da25b08598d42655af2524ff99b28a diff --git a/multimedia/xine-lib/patches/patch-az b/multimedia/xine-lib/patches/patch-az new file mode 100644 index 00000000000..f9906e8826d --- /dev/null +++ b/multimedia/xine-lib/patches/patch-az @@ -0,0 +1,14 @@ +$NetBSD: patch-az,v 1.1 2006/06/30 13:51:40 tron Exp $ + +--- src/input/input_http.c 2006-06-30 14:18:35.000000000 +0100 ++++ src/input/input_http.c.orig 2005-07-17 22:49:59.000000000 +0100 +@@ -765,7 +765,8 @@ + printf ("input_http: read...\n"); + */ + +- if (_x_io_tcp_read (this->stream, this->fh, &this->buf[len], 1) <= 0) { ++ if (len == sizeof(this->buf) || ++ _x_io_tcp_read (this->stream, this->fh, &this->buf[len], 1) <= 0) { + return 0; + } + |