Blame SOURCES/openslp-2.0.0-cve-2017-17833.patch

3caeb8
diff -up openslp-2.0.0/slpd/slpd_process.c.orig openslp-2.0.0/slpd/slpd_process.c
3caeb8
--- openslp-2.0.0/slpd/slpd_process.c.orig	2018-05-09 13:08:06.185104375 +0200
3caeb8
+++ openslp-2.0.0/slpd/slpd_process.c	2018-05-09 13:07:21.017095089 +0200
3caeb8
@@ -462,6 +462,15 @@ static int ProcessSrvRqst(SLPMessage * m
3caeb8
          message->body.srvrqst.srvtype, 23, SLP_DA_SERVICE_TYPE) == 0)
3caeb8
    {
3caeb8
       errorcode = ProcessDASrvRqst(message, sendbuf, errorcode);
3caeb8
+
3caeb8
+      if (result != *sendbuf)
3caeb8
+      {
3caeb8
+         // The pointer stored at *sendbuf can be modified by a realloc
3caeb8
+         // operation in ProcessDASrvRqst().  Fix up the local copy of
3caeb8
+         // that pointer if necessary.
3caeb8
+         result = *sendbuf;
3caeb8
+      }
3caeb8
+
3caeb8
       if (errorcode == 0)
3caeb8
       {
3caeb8
          /* Since we have an errorcode of 0, we were successful,