From 012ae5faea5b56d5f2439107c95d69bd8186f8c6 Mon Sep 17 00:00:00 2001
From: Andrew Sobala <aes@src.gnome.org>
Date: Sun, 11 May 2003 14:36:55 +0000
Subject: Fix buffer overflow vulnerability. Release 1.0.14.

---
 ChangeLog            | 4 ++++
 LIBGTOP-VERSION      | 2 +-
 src/daemon/ChangeLog | 4 ++++
 src/daemon/gnuserv.c | 5 +++++
 4 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 8821c266..1d4dc00c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2003-05-11  Andrew Sobala  <aes@gnome.org>
+
+	* up version to 1.0.14
+
 2002-12-11  Stanislav Brabec  <sbrabec@suse.cz>
 
 	* sysdeps/guile/Makefile.am, sysdeps/guile/names/Makefile.am:
diff --git a/LIBGTOP-VERSION b/LIBGTOP-VERSION
index 497f0f69..fbee28ee 100644
--- a/LIBGTOP-VERSION
+++ b/LIBGTOP-VERSION
@@ -8,7 +8,7 @@
 #
 LIBGTOP_MAJOR_VERSION=1
 LIBGTOP_MINOR_VERSION=0
-LIBGTOP_MICRO_VERSION=13
+LIBGTOP_MICRO_VERSION=14
 
 LIBGTOP_INTERFACE_AGE=12
 LIBGTOP_BINARY_AGE=12
diff --git a/src/daemon/ChangeLog b/src/daemon/ChangeLog
index 511275a0..9ced60a3 100644
--- a/src/daemon/ChangeLog
+++ b/src/daemon/ChangeLog
@@ -1,3 +1,7 @@
+2003-05-11  Andrew Sobala  <aes@gnome.org>
+
+	* gnuserv.c: (permitted): fix buffer overflow vulnerability
+
 2001-11-26  Kevin Vandersloot <kfv101@psu.edu>
 
 	* gnuserv.c: Apply patch fixing security issue from
diff --git a/src/daemon/gnuserv.c b/src/daemon/gnuserv.c
index 9f43a0ee..7d26600a 100644
--- a/src/daemon/gnuserv.c
+++ b/src/daemon/gnuserv.c
@@ -200,6 +200,11 @@ permitted (u_long host_addr, int fd)
 
 	auth_data_len = atoi (buf);
 
+	if (auth_data_len < 1 || auth_data_len > sizeof(buf)) {
+	    syslog_message(LOG_WARNING, "Invalid data length supplied by client");
+	    return FALSE;
+	}
+
 	if (timed_read (fd, buf, auth_data_len, AUTH_TIMEOUT, 0) != auth_data_len)
 	    return FALSE;
 
-- 
cgit v1.2.1