archivers/gcpio/patches/patch-aq


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15

$NetBSD: patch-aq,v 1.1 2010/03/23 22:42:17 tez Exp $
fix CVE-2010-0624

--- lib/rtapelib.c.orig	2010-03-23 16:14:45.037892500 -0500
+++ lib/rtapelib.c	2010-03-23 16:16:25.765812000 -0500
@@ -573,6 +573,9 @@
       || (status = get_status (handle)) == SAFE_READ_ERROR)
     return SAFE_READ_ERROR;
 
+  if (status > length)
+    return SAFE_READ_ERROR;
+
   for (counter = 0; counter < status; counter += rlen, buffer += rlen)
     {
       rlen = safe_read (READ_SIDE (handle), buffer, status - counter);