authortonnerre <tonnerre@pkgsrc.org>2008-04-01 15:51:25 +0000
committertonnerre <tonnerre@pkgsrc.org>2008-04-01 15:51:25 +0000
commit0cce31ba0a7335c8e4f0fa3f47e685f7188ef21c (patch)
treebdcc102a10b7863c7f0d1b1f3e13e44a6d3376f8 /x11/p5-Tk/patches
parentfd72e9fcdcdcc0483c23703801cc02cb9492a737 (diff)
Fix buffer overflow vulnerability in p5-Tk derived from old code (CVE-2006-4484).
Approved-by: joerg
Diffstat (limited to 'x11/p5-Tk/patches')
-rw-r--r--x11/p5-Tk/patches/patch-af15
-rw-r--r--x11/p5-Tk/patches/patch-ag15
2 files changed, 30 insertions, 0 deletions
diff --git a/x11/p5-Tk/patches/patch-af b/x11/p5-Tk/patches/patch-af
new file mode 100644
index 00000000000..b58e9baeb99
--- /dev/null
+++ b/x11/p5-Tk/patches/patch-af
@@ -0,0 +1,15 @@
+$NetBSD: patch-af,v 1.1 2008/04/01 15:51:25 tonnerre Exp $
+
+Fix buffer overflow vulnerability derived from old code (CVE-2006-4484).
+
+--- pTk/mTk/additions/imgGIF.c.orig 2003-12-23 18:00:44.000000000 +0100
++++ pTk/mTk/additions/imgGIF.c
+@@ -776,7 +776,7 @@ ReadImage(interp, imagePtr, handle, len,
+ /*
+ * Initialize the decoder
+ */
+- if (! ReadOK(handle,&initialCodeSize,1)) {
++ if (! ReadOK(handle,&initialCodeSize,1) || initialCodeSize > MAX_LWZ_BITS) {
+ Tcl_AppendResult(interp, "error reading GIF image: ",
+ Tcl_PosixError(interp), (char *) NULL);
+ return TCL_ERROR;
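Review bot: The added `initialCodeSize > MAX_LWZ_BITS` test shares the read-failure branch, so a GIF with an oversized code size is reported as "error reading GIF image: " plus `Tcl_PosixError(interp)`, which describes whatever errno happens to hold even though the read succeeded. Keep the original `ReadOK` check and reject the bad value in its own `if (initialCodeSize > MAX_LWZ_BITS)` branch with a fixed message, e.g. `Tcl_AppendResult(interp, "malformed GIF image: bad initial code size", (char *) NULL);`, so logs can tell corrupt input from an I/O fault. The identical hunk in patch-ag (tkImgGIF.c) has the same issue. A value equal to MAX_LWZ_BITS is still accepted; the decoder tables are not visible here, so confirm that the working code size derived from it stays within their bounds. ReadImage's body starts and ends outside the hunk.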
diff --git a/x11/p5-Tk/patches/patch-ag b/x11/p5-Tk/patches/patch-ag
new file mode 100644
index 00000000000..291f53b457e
--- /dev/null
+++ b/x11/p5-Tk/patches/patch-ag
@@ -0,0 +1,15 @@
+$NetBSD: patch-ag,v 1.1 2008/04/01 15:51:25 tonnerre Exp $
+
+Fix buffer overflow vulnerability derived from old code (CVE-2006-4484).
+
+--- pTk/mTk/generic/tkImgGIF.c.orig 2004-02-29 11:20:28.000000000 +0100
++++ pTk/mTk/generic/tkImgGIF.c
+@@ -826,7 +826,7 @@ ReadImage(interp, imagePtr, chan, len, r
+ /*
+ * Initialize the decoder
+ */
+- if (! ReadOK(chan, &initialCodeSize, 1)) {
++ if (! ReadOK(chan, &initialCodeSize, 1) || initialCodeSize > MAX_LWZ_BITS) {
+ Tcl_AppendResult(interp, "error reading GIF image: ",
+ Tcl_PosixError(interp), (char *) NULL);
+ return TCL_ERROR;