diff options
| author | Andrew Sobala <aes@src.gnome.org> | 2003-05-11 14:36:55 +0000 |
|---|---|---|
| committer | Andrew Sobala <aes@src.gnome.org> | 2003-05-11 14:36:55 +0000 |
| commit | 012ae5faea5b56d5f2439107c95d69bd8186f8c6 (patch) | |
| tree | 494762cc59282a17cb9d519f7490da393a649014 | |
| parent | 34abd9ae80d217fe7c8234522ff5d8ab38ca334d (diff) | |
| download | libgtop-012ae5faea5b56d5f2439107c95d69bd8186f8c6.tar.gz | |
Fix buffer overflow vulnerability. Release 1.0.14.LIBGTOP_1_0_14
| -rw-r--r-- | ChangeLog | 4 | ||||
| -rw-r--r-- | LIBGTOP-VERSION | 2 | ||||
| -rw-r--r-- | src/daemon/ChangeLog | 4 | ||||
| -rw-r--r-- | src/daemon/gnuserv.c | 5 |
4 files changed, 14 insertions, 1 deletions
@@ -1,3 +1,7 @@ +2003-05-11 Andrew Sobala <aes@gnome.org> + + * up version to 1.0.14 + 2002-12-11 Stanislav Brabec <sbrabec@suse.cz> * sysdeps/guile/Makefile.am, sysdeps/guile/names/Makefile.am: diff --git a/LIBGTOP-VERSION b/LIBGTOP-VERSION index 497f0f69..fbee28ee 100644 --- a/LIBGTOP-VERSION +++ b/LIBGTOP-VERSION @@ -8,7 +8,7 @@ # LIBGTOP_MAJOR_VERSION=1 LIBGTOP_MINOR_VERSION=0 -LIBGTOP_MICRO_VERSION=13 +LIBGTOP_MICRO_VERSION=14 LIBGTOP_INTERFACE_AGE=12 LIBGTOP_BINARY_AGE=12 diff --git a/src/daemon/ChangeLog b/src/daemon/ChangeLog index 511275a0..9ced60a3 100644 --- a/src/daemon/ChangeLog +++ b/src/daemon/ChangeLog @@ -1,3 +1,7 @@ +2003-05-11 Andrew Sobala <aes@gnome.org> + + * gnuserv.c: (permitted): fix buffer overflow vulnerability + 2001-11-26 Kevin Vandersloot <kfv101@psu.edu> * gnuserv.c: Apply patch fixing security issue from diff --git a/src/daemon/gnuserv.c b/src/daemon/gnuserv.c index 9f43a0ee..7d26600a 100644 --- a/src/daemon/gnuserv.c +++ b/src/daemon/gnuserv.c @@ -200,6 +200,11 @@ permitted (u_long host_addr, int fd) auth_data_len = atoi (buf); + if (auth_data_len < 1 || auth_data_len > sizeof(buf)) { + syslog_message(LOG_WARNING, "Invalid data length supplied by client"); + return FALSE; + } + if (timed_read (fd, buf, auth_data_len, AUTH_TIMEOUT, 0) != auth_data_len) return FALSE; |