Control: tags -1 + confirmed
On Sat, 2015-03-14 at 15:36 +0000, Jean-Michel Nirgal Vourgère wrote:
> * memo_zero_len_multipage fixes a buffer overflow while handling some
> memo fields.
+- if (tmpoff + len - 4 > memo_len) {
++ if (tmpoff + len - 4 > memo_len)
+ break;
+- }
++
++ /* Stop processing on zero length multiple page memo
fields */
I'm not really sure what that first change is doing in the patch, as it
changes nothing functionally.
Can "len" ever be a non-zero value that's still less than 4? If so the
memcpy just after the section changed by the patch looks like it won't
do the right thing.
> * bin_output_fix fixes blob output, because of a source destination
> inversion in a memcpy.
+Description: Fix binary outout
s/outout/output/
Other than that the patches look reasonable enough; please go ahead.
Regards,
Adam
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
Archive: https://lists.debian.org/[email protected]
