Fix buffer overflow vulnerability. Release 1.0.14.
This commit is contained in:
Andrew Sobala
@@ -1,3 +1,7 @@
|
|||||||
|
2003-05-11 Andrew Sobala <aes@gnome.org>
|
||||||
|
|
||||||
|
* up version to 1.0.14
|
||||||
|
|
||||||
2002-12-11 Stanislav Brabec <sbrabec@suse.cz>
|
2002-12-11 Stanislav Brabec <sbrabec@suse.cz>
|
||||||
|
|
||||||
* sysdeps/guile/Makefile.am, sysdeps/guile/names/Makefile.am:
|
* sysdeps/guile/Makefile.am, sysdeps/guile/names/Makefile.am:
|
||||||
|
|||||||
@@ -8,7 +8,7 @@
|
|||||||
#
|
#
|
||||||
LIBGTOP_MAJOR_VERSION=1
|
LIBGTOP_MAJOR_VERSION=1
|
||||||
LIBGTOP_MINOR_VERSION=0
|
LIBGTOP_MINOR_VERSION=0
|
||||||
LIBGTOP_MICRO_VERSION=13
|
LIBGTOP_MICRO_VERSION=14
|
||||||
|
|
||||||
LIBGTOP_INTERFACE_AGE=12
|
LIBGTOP_INTERFACE_AGE=12
|
||||||
LIBGTOP_BINARY_AGE=12
|
LIBGTOP_BINARY_AGE=12
|
||||||
|
|||||||
@@ -1,3 +1,7 @@
|
|||||||
|
2003-05-11 Andrew Sobala <aes@gnome.org>
|
||||||
|
|
||||||
|
* gnuserv.c: (permitted): fix buffer overflow vulnerability
|
||||||
|
|
||||||
2001-11-26 Kevin Vandersloot <kfv101@psu.edu>
|
2001-11-26 Kevin Vandersloot <kfv101@psu.edu>
|
||||||
|
|
||||||
* gnuserv.c: Apply patch fixing security issue from
|
* gnuserv.c: Apply patch fixing security issue from
|
||||||
|
|||||||
@@ -200,6 +200,11 @@ permitted (u_long host_addr, int fd)
|
|||||||
|
|
||||||
auth_data_len = atoi (buf);
|
auth_data_len = atoi (buf);
|
||||||
|
|
||||||
|
if (auth_data_len < 1 || auth_data_len > sizeof(buf)) {
|
||||||
|
syslog_message(LOG_WARNING, "Invalid data length supplied by client");
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
|
|
||||||
if (timed_read (fd, buf, auth_data_len, AUTH_TIMEOUT, 0) != auth_data_len)
|
if (timed_read (fd, buf, auth_data_len, AUTH_TIMEOUT, 0) != auth_data_len)
|
||||||
return FALSE;
|
return FALSE;
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user