x11/gv/CVE-2006-5864.patch

   1 # --- SDE-COPYRIGHT-NOTE-BEGIN ---
   2 # This copyright note is auto-generated by ./scripts/Create-CopyPatch.
   3 #
   4 # Filename: package/.../gv/CVE-2006-5864.patch
   5 # Copyright (C) 2006 The OpenSDE Project
   6 #
   7 # More information can be found in the files COPYING and README.
   8 #
   9 # This patch file is dual-licensed. It is available under the license the
  10 # patched project is licensed under, as long as it is an OpenSource license
  11 # as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms
  12 # of the GNU General Public License as published by the Free Software
  13 # Foundation; either version 2 of the License, or (at your option) any later
  14 # version.
  15 # --- SDE-COPYRIGHT-NOTE-END ---
  16
  17 CVE-2006-5864 from submaster by daja77
  18 https://www.rocklinux.net/submaster/index.websplb?mode=patch&uid=2006112114050583380
  19
  20 --- ./src/ps.c.sec2     2006-11-09 17:31:34.000000000 +0000
  21 +++ ./src/ps.c  2006-11-09 17:37:07.000000000 +0000
  22 @@ -1423,6 +1423,8 @@
  23         quoted=1;
  24         line++;
  25         while (*line && !(*line == ')' && level == 0 )) {
  26 +           if (cp - text >= PSLINELENGTH - 2)
  27 +               break;
  28             if (*line == '\\') {
  29                 if (*(line+1) == 'n') {
  30                     *cp++ = '\n';
  31 @@ -1477,8 +1479,11 @@
  32             }
  33         }
  34      } else {
  35 -       while (*line && !(*line == ' ' || *line == '\t' || *line == '\n'))
  36 +       while (*line && !(*line == ' ' || *line == '\t' || *line == '\n')) {
  37 +           if (cp - text >= PSLINELENGTH - 2)
  38 +               break;
  39             *cp++ = *line++;
  40 +       }
  41      }
  42      *cp = '\0';
  43      if (next_char) *next_char = line;