Blame SOURCES/0002-Avoid-OOB-read-with-buggy-servers.patch

From 3e347fd3e8e7e20afc562268f27fd3c2b79f4d0e Mon Sep 17 00:00:00 2001
From: Bastien Nocera <hadess@hadess.net>
Date: Tue, 29 Oct 2013 11:37:15 +0100
Subject: [PATCH 2/3] Avoid OOB read with buggy servers
If the server doesn't start the Content-Range field with "bytes="
we would have an out-of-bounds read trying to parse the content
of that field. Fall back to a 0 offset when a parsing error occurs.
See https://bugzilla.redhat.com/show_bug.cgi?id=1024020
https://bugzilla.gnome.org/show_bug.cgi?id=711063
---
 libdmapsharing/daap-share.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/libdmapsharing/daap-share.c b/libdmapsharing/daap-share.c
index 66cdfe6..e182055 100644
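--- a/libdmapsharing/daap-share.c
+++ b/libdmapsharing/daap-share.c
@@ -922,8 +922,13 @@ databases_items_xxx (DMAPShare * share,
 		const gchar *s;
 		gchar *content_range;
 
-		s = range_header + strlen ("bytes=");	/* bytes= */
-		offset = atoll (s);
+		if (!g_ascii_strncasecmp (range_header, "bytes=", strlen("bytes="))) {
+			/* Not starting with "bytes=" ? */
+			offset = 0;
+		} else {
+			s = range_header + strlen ("bytes=");	/* bytes= */
+			offset = atoll (s);
+		}
 
 		content_range =
 			g_strdup_printf ("bytes %" G_GUINT64_FORMAT "-%"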
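Review bot: The guard added around the `bytes=` parse looks inverted: `g_ascii_strncasecmp` returns 0 on a match, so `!g_ascii_strncasecmp (...)` is true when the header does start with `bytes=`, which zeroes the offset for well-formed requests and still sends a header without the prefix into `range_header + strlen ("bytes=")` in the else branch, the read this commit sets out to prevent. The condition should be `if (g_ascii_strncasecmp (range_header, "bytes=", strlen ("bytes=")) != 0) {`. Separately, `atoll` reports no parse errors and accepts a leading minus sign, while the `G_GUINT64_FORMAT` below suggests offset is unsigned; `g_ascii_strtoull` with an end-pointer check would let malformed values fall back to 0 as well. The body of databases_items_xxx starts and ends outside the hunk, so how offset is bounded against the file size is not visible here.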
-- 
1.8.3.1