diff options
Diffstat (limited to 'meta/recipes-extended/cups/cups/cups-CVE-2011-3170.patch')
-rw-r--r-- | meta/recipes-extended/cups/cups/cups-CVE-2011-3170.patch | 54 |
1 files changed, 0 insertions, 54 deletions
diff --git a/meta/recipes-extended/cups/cups/cups-CVE-2011-3170.patch b/meta/recipes-extended/cups/cups/cups-CVE-2011-3170.patch deleted file mode 100644 index fd1b95847c..0000000000 --- a/meta/recipes-extended/cups/cups/cups-CVE-2011-3170.patch +++ /dev/null @@ -1,54 +0,0 @@ -cups CVE-2011-3170 - -the patch come from: -http://cups.org/strfiles/3914/str3914.patch - -The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and -earlier does not properly handle the first code word in an LZW stream, -which allows remote attackers to trigger a heap-based buffer overflow, -and possibly execute arbitrary code, via a crafted stream, a different -vulnerability than CVE-2011-2896. -http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3170 - -Integrated-by: Li Wang <li.wang@windriver.com> ---- - filter/image-gif.c | 14 +++++++++----- - 1 files changed, 9 insertions(+), 5 deletions(-) - -diff --git a/filter/image-gif.c b/filter/image-gif.c -index 9542704..3857c21 100644 ---- a/filter/image-gif.c -+++ b/filter/image-gif.c -@@ -654,11 +654,13 @@ gif_read_lzw(FILE *fp, /* I - File to read from */ - - if (code >= max_code) - { -- *sp++ = firstcode; -- code = oldcode; -+ if (sp < (stack + 8192)) -+ *sp++ = firstcode; -+ -+ code = oldcode; - } - -- while (code >= clear_code) -+ while (code >= clear_code && sp < (stack + 8192)) - { - *sp++ = table[1][code]; - if (code == table[0][code]) -@@ -667,8 +669,10 @@ gif_read_lzw(FILE *fp, /* I - File to read from */ - code = table[0][code]; - } - -- *sp++ = firstcode = table[1][code]; -- code = max_code; -+ if (sp < (stack + 8192)) -+ *sp++ = firstcode = table[1][code]; -+ -+ code = max_code; - - if (code < 4096) - { --- -1.7.0.5 - |