/[packages]/updates/1/gpsd/current/SOURCES/gpsd-3.3-CVE-2013-2038.patch
ViewVC logotype

Contents of /updates/1/gpsd/current/SOURCES/gpsd-3.3-CVE-2013-2038.patch

Parent Directory Parent Directory | Revision Log Revision Log


Revision 412171 - (show annotations) (download)
Fri May 3 16:45:22 2013 UTC (8 years, 3 months ago) by luigiwalser
File size: 738 byte(s)
add upstream patch to fix potential DoS (CVE-2013-2038)
1 From 08edc49d8f63c75bfdfb480b083b0d960310f94f Mon Sep 17 00:00:00 2001
2 From: Eric S. Raymond <esr@thyrsus.com>
3 Date: Thu, 11 Apr 2013 02:22:34 +0000
4 Subject: Address Savannah bug #38511:
5
6 ais_context->bitlen <= sizeof(ais_context->bits)/8 is not checked
7 ---
8 diff --git a/driver_aivdm.c b/driver_aivdm.c
9 index 8d6ebd0..e663290 100644
10 --- a/driver_aivdm.c
11 +++ b/driver_aivdm.c
12 @@ -195,6 +195,10 @@ static bool aivdm_decode(const char *buf, size_t buflen,
13 (1 << (7 - ais_context->bitlen % 8));
14 }
15 ais_context->bitlen++;
16 + if (ais_context->bitlen > sizeof(ais_context->bits)) {
17 + gpsd_report(LOG_INF, "overlong AIVDM payload truncated.\n");
18 + return false;
19 + }
20 }
21 /*@ +shiftnegative @*/
22 }
23 --
24 cgit v0.9.0.2

  ViewVC Help
Powered by ViewVC 1.1.28