hwoarang 14/12/22 15:35:47 Added: antiword-0.37-CVE-2014-8123.patch Log: Revbump to apply security patch. Thanks to Corentin LABBE (Portage version: 2.2.15/cvs/Linux x86_64, signed Manifest commit with key 09BF4F54C2BA7F3C!)
Revision Changes Path 1.1 app-text/antiword/files/antiword-0.37-CVE-2014-8123.patch file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-text/antiword/files/antiword-0.37-CVE-2014-8123.patch?rev=1.1&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-text/antiword/files/antiword-0.37-CVE-2014-8123.patch?rev=1.1&content-type=text/plain Index: antiword-0.37-CVE-2014-8123.patch =================================================================== index 8a95fb9..7797d1f 100644 --- a/wordole.c +++ b/wordole.c @@ -259,6 +259,11 @@ bGetPPS(FILE *pFile, } tNameSize = (size_t)usGetWord(0x40, aucBytes); tNameSize = (tNameSize + 1) / 2; + if (tNameSize >= sizeof(atPPSlist[0].szName)) { + werr(0, "PPS %d appears to be invalid.", iIndex); + atPPSlist = xfree(atPPSlist); + return FALSE; + } vName2String(atPPSlist[iIndex].szName, aucBytes, tNameSize); atPPSlist[iIndex].ucType = ucGetByte(0x42, aucBytes); if (atPPSlist[iIndex].ucType == 5) { -- 2.1.2
