dc949b3d50
a patch upstream nor anywhere else, hope this is correct. Someone please review. Being here, fix a memcpy() size bug on 64-bit systems. bump PKGREV
42 lines
1.3 KiB
Text
42 lines
1.3 KiB
Text
$NetBSD: patch-CVE-2012-4428,v 1.1 2013/02/14 16:51:32 drochner Exp $
|
|
|
|
try to prevent list overrun (upstream code is completely rewritten)
|
|
|
|
--- common/slp_compare.c.orig 2005-02-15 20:07:43.000000000 +0000
|
|
+++ common/slp_compare.c
|
|
@@ -270,9 +270,9 @@ int SLPContainsStringList(int listlen,
|
|
itembegin = itemend;
|
|
|
|
/* seek to the end of the next list item */
|
|
- while(1)
|
|
+ while(itemend != listend)
|
|
{
|
|
- if(itemend == listend || *itemend == ',')
|
|
+ if(*itemend == ',')
|
|
{
|
|
if(*(itemend - 1) != '\\')
|
|
{
|
|
@@ -326,9 +326,9 @@ int SLPIntersectStringList(int list1len,
|
|
itembegin = itemend;
|
|
|
|
/* seek to the end of the next list item */
|
|
- while(1)
|
|
+ while(itemend != listend)
|
|
{
|
|
- if(itemend == listend || *itemend == ',')
|
|
+ if(*itemend == ',')
|
|
{
|
|
if(*(itemend - 1) != '\\')
|
|
{
|
|
@@ -415,9 +415,9 @@ int SLPUnionStringList(int list1len,
|
|
itembegin = itemend;
|
|
|
|
/* seek to the end of the next list item */
|
|
- while(1)
|
|
+ while(itemend != listend)
|
|
{
|
|
- if(itemend == listend || *itemend == ',')
|
|
+ if(*itemend == ',')
|
|
{
|
|
if(*(itemend - 1) != '\\')
|
|
{
|