Package: abiword
Version: 2.2.9
Severity: important

Attached is a security patch for AbiWord that fixes a buffer overflow
allowing execution of arbitrary code when importing a bogus RTF file.

The patch is already in upstream CVS, but I recommend applying it for stable.

Thanks.

Hub
-- 
http://www.figuiere.net/hub/blog/
Index: src/wp/impexp/xp/ie_imp_RTF.cpp
===================================================================
RCS file: /cvsroot/abi/src/wp/impexp/xp/ie_imp_RTF.cpp,v
retrieving revision 1.347.2.18
retrieving revision 1.347.2.19
diff -u -p -u -r1.347.2.18 -r1.347.2.19
--- src/wp/impexp/xp/ie_imp_RTF.cpp	27 Jul 2005 15:20:30 -0000	1.347.2.18
+++ src/wp/impexp/xp/ie_imp_RTF.cpp	23 Sep 2005 16:37:41 -0000	1.347.2.19
@@ -7937,9 +7937,10 @@ bool IE_Imp_RTF::ReadOneFontFromTable(bo
 	    FIXME: CJK font names come in form \'aa\'cd\'ef - so we have to
 	    parse \'HH correctly (currently we ignore them!) - VH
 	*/
-	while ( ch != '}'  &&  ch != '\\'  &&  ch != ';' && ch!= '{')
+	while ( ch != '}'  &&  ch != '\\'  &&  ch != ';' && ch!= '{' && count < MAX_KEYWORD_LEN)
 	{
-		keyword[count++] = ch;
+		keyword[count] = ch;
+		count++;
 		if (!ReadCharFromFile(&ch))
 		{
 			return false;
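
Review bot: the new bound `count < MAX_KEYWORD_LEN` in the `while` condition lets the loop exit with `count == MAX_KEYWORD_LEN`, and neither the declaration of `keyword` nor the code that terminates it is visible in this hunk. If `keyword` is declared with `MAX_KEYWORD_LEN` elements and a terminator is written at `keyword[count]` after the loop, that write is still one element past the end, and the condition should be `count < MAX_KEYWORD_LEN - 1`. Also, when the loop stops on the length bound, `ch` is not one of the delimiters (`}`, `\`, `;`, `{`), so the code after the loop should either reject the over-long font name with `return false` or consume input up to the next delimiter, rather than treating the truncated name as complete.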
