authordrochner <drochner>2011-04-08 12:19:17 +0000
committerdrochner <drochner>2011-04-08 12:19:17 +0000
commit156bb81444552820db8bf7aba57e848788ae8008 (patch)
treed34258f0125c2112e0f0d89ee033d45c03e6cf91 /net
parent60e4f60decc534a5ea9ccfb121029f0840e39af4 (diff)
downloadpkgsrc-156bb81444552820db8bf7aba57e848788ae8008.tar.gz
add a patch from upstream to avoid an endless loop in the extensions
parser on malicious packets (CVE-2010-3609)
Diffstat (limited to 'net')
-rw-r--r--net/openslp/Makefile4
-rw-r--r--net/openslp/distinfo3
-rw-r--r--net/openslp/patches/patch-al27
3 files changed, 31 insertions, 3 deletions
diff --git a/net/openslp/Makefile b/net/openslp/Makefile
index 6fd67a0d942..838131c9e5e 100644
--- a/net/openslp/Makefile
+++ b/net/openslp/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.37 2011/03/24 12:32:59 obache Exp $
+# $NetBSD: Makefile,v 1.38 2011/04/08 12:19:17 drochner Exp $
DISTNAME= openslp-1.2.1
-PKGREVISION= 3
+PKGREVISION= 4
CATEGORIES= net
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=openslp/}
diff --git a/net/openslp/distinfo b/net/openslp/distinfo
index ccd401bbbb4..64bd452dea8 100644
--- a/net/openslp/distinfo
+++ b/net/openslp/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.15 2007/04/12 17:03:46 adam Exp $
+$NetBSD: distinfo,v 1.16 2011/04/08 12:19:17 drochner Exp $
SHA1 (openslp-1.2.1.tar.gz) = 47ab19154084d2b467f09525f5351e9ab7193cf9
RMD160 (openslp-1.2.1.tar.gz) = a31d516ba784ad893a740946082fe5e0f15a37ea
@@ -10,3 +10,4 @@ SHA1 (patch-ah) = f15c497b19f4bfc4efbd5cce0b50932733115824
SHA1 (patch-ai) = 11baa3ef891677f1df78f75b93001580ff450e13
SHA1 (patch-aj) = 8e1d32772cf59a938a4d9d9d0957d223f4ea6c06
SHA1 (patch-ak) = e64ede590e4af9d8951177b68c4bbf1b56ebdfae
+SHA1 (patch-al) = 19fa24e2ac362c3e45413826cd139ced984e8adc
diff --git a/net/openslp/patches/patch-al b/net/openslp/patches/patch-al
new file mode 100644
index 00000000000..9729ac2e9f3
--- /dev/null
+++ b/net/openslp/patches/patch-al
@@ -0,0 +1,27 @@
+$NetBSD: patch-al,v 1.1 2011/04/08 12:19:17 drochner Exp $
+
+CVE-2010-3609
+
+--- common/slp_message.c.orig 2005-03-02 17:00:31.000000000 +0000
++++ common/slp_message.c
+@@ -872,11 +872,20 @@ int ParseExtension(SLPBuffer buffer, SLP
+ int extid;
+ int nextoffset;
+ int result = SLP_ERROR_OK;
++ int bufsz = (int)(buffer->end - buffer->start);
+
+ nextoffset = message->header.extoffset;
+ while(nextoffset)
+ {
++ /* check for circular reference in list
++ * if the size gets below zero, we know we're
++ * reprocessing extensions in a loop.
++ */
++ bufsz -= 5;
++ if (bufsz <= 0)
++ return SLP_ERROR_PARSE_ERROR;
+ buffer->curpos = buffer->start + nextoffset;
++
+ if(buffer->curpos + 5 >= buffer->end)
+ {
+ /* Extension takes us past the end of the buffer */
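Review bot: The added `bufsz` budget in ParseExtension limits how many times the loop can run, but `nextoffset` is still turned into a pointer by `buffer->curpos = buffer->start + nextoffset;` before anything compares it with the buffer length. Range checking therefore rests on the pointer comparison `buffer->curpos + 5 >= buffer->end`, which is evaluated only after an out-of-range pointer may already have been formed from a value that presumably comes from the packet. Since the patch computes the buffer length anyway, it could keep it in a second variable that is not decremented (say `buflen`) and add `if (nextoffset < 0 || nextoffset >= buflen - 5) return SLP_ERROR_PARSE_ERROR;` ahead of the assignment. The new comment also says the size gets "below zero" while the test is `bufsz <= 0`, so the wording should match the condition. The function body continues outside the patch's hunk, so whether the early `return` skips anything that the `result` path would have done cannot be judged from here.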