
Fix the buffer overflow vulnerability in the HTTP input plugin.

Submitted by:	Tijl Coosemans <tijl@ulyssis.org>
Security: 	http://secunia.com/advisories/20369
Security:	CVE-2006-2802
MANTANI Nobutaka 2006-06-11 12:49:42 +00:00
parent 06c0ecf843
commit 0931ab52f4
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=165101
2 changed files with 16 additions and 1 deletions


@ -7,7 +7,7 @@
PORTNAME= xine
PORTVERSION= 1.1.1
PORTREVISION= 5
PORTREVISION= 6
CATEGORIES= multimedia ipv6
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
MASTER_SITE_SUBDIR= ${PORTNAME}


@ -0,0 +1,15 @@
--- src/input/input_http.c.orig Tue Jun 6 21:16:04 2006
+++ src/input/input_http.c Tue Jun 6 21:22:34 2006
@@ -895,6 +895,12 @@
len = 0;
} else
len ++;
+ if ( len >= BUFSIZE ) {
+ _x_message(this->stream, XINE_MSG_PERMISSION_ERROR, this->mrl, NULL);
+ xine_log (this->stream->xine, XINE_LOG_MSG,
+ _("input_http: buffer exhausted after %d bytes."), BUFSIZE);
+ return 0;
+ }
}
lprintf ("end of headers\n");
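Review bot: The added `len >= BUFSIZE` guard is only sufficient if `this->buf` holds at least BUFSIZE bytes and each byte is stored at `buf[len]` before the increment; neither the buffer declaration nor the read call is visible in this hunk, so both should be confirmed against the rest of the function. A comment above the check would make the invariant explicit, for example `/* len is the next write index; bail out before it can reach BUFSIZE */`. The failure is reported as `XINE_MSG_PERMISSION_ERROR`, which misdescribes an oversized header line sent by the server; `XINE_MSG_READ_ERROR` or a general warning would describe it better to the user and in logs. The early `return 0` should also be compared with the function's other error exits for connection cleanup, since the header loop and the start of the function lie outside the hunk.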