Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/net-libs/openslp/files/openslp-2.0.0-CVE-2016-7567.patch
diff options
context:
space:
mode:
Diffstat (limited to 'net-libs/openslp/files/openslp-2.0.0-CVE-2016-7567.patch')
-rw-r--r--net-libs/openslp/files/openslp-2.0.0-CVE-2016-7567.patch94
1 files changed, 94 insertions, 0 deletions
diff --git a/net-libs/openslp/files/openslp-2.0.0-CVE-2016-7567.patch b/net-libs/openslp/files/openslp-2.0.0-CVE-2016-7567.patch
new file mode 100644
index 000000000000..2d54fa04bfce
--- /dev/null
+++ b/net-libs/openslp/files/openslp-2.0.0-CVE-2016-7567.patch
@@ -0,0 +1,94 @@
+See
+http://www.openwall.com/lists/oss-security/2016/09/27/4
+https://bugs.gentoo.org/show_bug.cgi?id=595542
+
+diff -r 598821da69f2 -r 34fb3aa5e6b4 openslp/common/slp_compare.c
+--- a/common/slp_compare.c Sat Jun 08 15:14:45 2013 -0600
++++ b/common/slp_compare.c Mon Nov 30 20:50:12 2015 -0700
+@@ -194,7 +194,8 @@
+ * @return The new (shorter) length of @p str.
+ *
+ * @note This routine assumes that leading and trailing white space have
+- * already been removed from @p str.
++ * already been removed from @p str. It also assumes that @p str may
++ * not be null-terminated.
+ */
+ static int SLPFoldWhiteSpace(size_t len, char * str)
+ {
+@@ -203,11 +204,11 @@
+ {
+ if (isspace(*p))
+ {
+- char * ws2p = ++p; /* Point ws2p to the second ws char. */
+- while (isspace(*p)) /* Scan till we hit a non-ws char. */
++ char * ws2p = ++p; /* Point ws2p to the second ws char. */
++ while (p < ep && isspace(*p)) /* Scan till we hit a non-ws char. */
+ p++;
+- len -= p - ws2p; /* Reduce the length by extra ws. */
+- memmove(ws2p, p, ep - p); /* Overwrite the extra white space. */
++ len -= p - ws2p; /* Reduce the length by extra ws. */
++ memmove(ws2p, p, ep - p); /* Overwrite the extra white space. */
+ }
+ p++;
+ }
+@@ -821,6 +822,50 @@
+
+ #ifdef SLP_COMPARE_TEST
+
++/* Test boundary conditions of SLPFoldWhiteSpace. */
++static int test_SLPFoldWhiteSpace(void)
++{
++ static char test_str0[] = " ";
++ static char test_str1[] = "Blah";
++ static char test_str3[] = "Blah blah";
++ static char test_str4[] = "Blah blah";
++ static char test_str5[] = "Blah blah blah";
++ static char test_str8[] = " Blah blah";
++ static char test_str9[] = " Blah blah";
++ static char test_strC[] = "Blah blah ";
++ static char test_strD[] = "Blah blah xxxx";
++
++ static char * test_strs[] =
++ {
++ test_str0, test_str0, test_str0, test_str1, test_strC,
++ test_str3, test_str4, test_str5, test_strC, test_strC,
++ test_str8, test_str9, test_strC, test_strD,
++ };
++
++ static int test_lens[] =
++ {
++ 0, 1, 2, 4, 9, 10, 11, 15, 10, 11, 10, 11, 11, 11,
++ };
++
++ static int test_fins[] =
++ {
++ 0, 1, 1, 4, 9, 9, 9, 14, 10, 10, 10, 10, 10, 10,
++ };
++
++#define MAX_BUFSZ 32
++
++ int i;
++ for (i = 0; i < sizeof(test_strs) / sizeof(*test_strs); ++i)
++ {
++ char test_buf[MAX_BUFSZ];
++ memmove(test_buf, test_strs[i], test_lens[i]);
++ int len = SLPFoldWhiteSpace(test_lens[i], test_buf);
++ if (len != test_fins[i])
++ return -1;
++ }
++ return 0;
++}
++
+ /* ---------------- Test main for the slp_compare.c module ----------------
+ *
+ * Compile with:
+@@ -840,6 +885,9 @@
+
+ int count;
+
++ if (test_SLPFoldWhiteSpace() != 0)
++ return -1;
++
+ /* *** SLPContainsStringList ***
+ */
+ count = SLPContainsStringList(sizeof lst1 - 1, lst1, sizeof str1 - 1, str1);