problems noted in CAN-2004-0914: Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. Bump PKGREVISION to 4. Since this is a security-related fix, also bump the BUILDLINK_RECOMMENDED version for this package.
$NetBSD: patch-ai,v 1.2 2005/06/14 18:10:37 jlam Exp $
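--- lib/hashtab.c.orig 1998-03-19 14:51:00.000000000 -0500
+++ lib/hashtab.c
@@ -135,15 +135,17 @@ HashTableGrows(table)
 xpmHashTable *table;
 {
 xpmHashAtom *atomTable = table->atomTable;
- int size = table->size;
+ unsigned int size = table->size;
 xpmHashAtom *t, *p;
 int i;
- int oldSize = size;
+ unsigned int oldSize = size;
 
 t = atomTable;
 HASH_TABLE_GROWS
 table->size = size;
 table->limit = size / 3;
+ if (size >= UINT_MAX / sizeof(*atomTable))
+ return (XpmNoMemory);
 atomTable = (xpmHashAtom *) XpmMalloc(size * sizeof(*atomTable));
 if (!atomTable)
 return (XpmNoMemory);
@@ -204,6 +206,8 @@ xpmHashTableInit(table)
 table->size = INITIAL_HASH_SIZE;
 table->limit = table->size / 3;
 table->used = 0;
+ if (table->size >= UINT_MAX / sizeof(*atomTable))
+ return (XpmNoMemory);
 atomTable = (xpmHashAtom *) XpmMalloc(table->size * sizeof(*atomTable));
 if (!atomTable)
 return (XpmNoMemory);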
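Review bot: The overflow guard added to HashTableGrows (first hunk) runs after `table->size = size;` and `table->limit = size / 3;`, so on the new `return (XpmNoMemory);` the table already records the grown size while `table->atomTable` still points at the old, smaller array; the existing XpmMalloc failure path has the same shape. Whether callers keep using the table or only free it after this error is not visible here, so validate before mutating: place `if (size >= UINT_MAX / sizeof(*atomTable)) return (XpmNoMemory);` directly after `HASH_TABLE_GROWS` and assign `table->size` and `table->limit` only once the allocation has succeeded. `int i;` stays signed while `size` and `oldSize` become unsigned, so any comparison of `i` against them later in the function, which continues outside the hunk, would mix signedness. `UINT_MAX` also needs `<limits.h>`, which neither hunk shows being included.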