rpms / openslp

Clone
Source Code
GIT

Blame SOURCES/openslp-2.0.0-cve-2017-17833.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   42efb72ae53a7e7430c4ed205280e841c5f631d1
  2.   SOURCES
  3.   openslp-2.0.0-cve-2017-17833.patch
Blob History Raw
42efb7 
diff -up openslp-2.0.0/slpd/slpd_process.c.orig openslp-2.0.0/slpd/slpd_process.c
42efb7 
--- openslp-2.0.0/slpd/slpd_process.c.orig	2018-05-09 13:08:06.185104375 +0200
42efb7 
+++ openslp-2.0.0/slpd/slpd_process.c	2018-05-09 13:07:21.017095089 +0200
42efb7 
@@ -462,6 +462,15 @@ static int ProcessSrvRqst(SLPMessage * m
42efb7 
          message->body.srvrqst.srvtype, 23, SLP_DA_SERVICE_TYPE) == 0)
42efb7 
    {
42efb7 
       errorcode = ProcessDASrvRqst(message, sendbuf, errorcode);
42efb7 
+
42efb7 
+      if (result != *sendbuf)
42efb7 
+      {
42efb7 
+         // The pointer stored at *sendbuf can be modified by a realloc
42efb7 
+         // operation in ProcessDASrvRqst().  Fix up the local copy of
42efb7 
+         // that pointer if necessary.
42efb7 
+         result = *sendbuf;
42efb7 
+      }
42efb7 
+
42efb7 
       if (errorcode == 0)
42efb7 
       {
42efb7 
          /* Since we have an errorcode of 0, we were successful,

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation