Author: dj
Date: 2005-07-27 23:28:17 -0600 (Wed, 27 Jul 2005)
New Revision: 1030
Modified:
trunk/openoffice/OOo_1.1.4-security-1.patch
Log:
Official upstream patch instead
Modified: trunk/openoffice/OOo_1.1.4-security-1.patch
===================================================================
--- trunk/openoffice/OOo_1.1.4-security-1.patch 2005-07-28 05:09:14 UTC (rev
1029)
+++ trunk/openoffice/OOo_1.1.4-security-1.patch 2005-07-28 05:28:17 UTC (rev
1030)
@@ -1,27 +1,18 @@
Submitted By: DJ Lucas <dj_AT_linuxfromscratch_DOT_org>
Date: 2005-07-28
Initial Package Version: 1.1.4
-Origin: CVS
-Description: Fixes overflow condition (see comments below)
+Origin: OOo-1.1.5 (official upstream change)
+Description: Fixes overflow condition - OOo Issue# 46388
Upstream Status: Accepted
--- ooo-build-orig/sot/source/sdstor/stgole.cxx 2005-07-27
23:53:22.000000000 -0500
-+++ ooo-build/sot/source/sdstor/stgole.cxx 2005-07-28 00:00:14.000000000
-0500
-@@ -157,7 +157,16 @@
++++ ooo-build/sot/source/sdstor/stgole.cxx 2005-07-28 00:22:34.000000000
-0500
+@@ -156,6 +156,8 @@
+ *this >> aClsId;
INT32 nLen1 = 0;
*this >> nLen1;
++ // the higher bits are ignored
++ nLen1 &= 0xFFFF;
sal_Char* p = new sal_Char[ (USHORT) nLen1 ];
-- if( Read( p, nLen1 ) == (ULONG) nLen1 )
-+/*
-+
-+ * This is bad...16 bit value to alocate memory ^^ but 32 bits for length if
-+
-+ if( Read( p, nLen1 ) == (ULONG) nLen1 )
-+
-+ * So mask the higher bits to avoid overflow attack
-+
-+*/
-+ if( Read( p, nLen1&0xFFFF ) == (ULONG) (nLen1&0xFFFF) )
+ if( Read( p, nLen1 ) == (ULONG) nLen1 )
{
- aUserName = String( p, gsl_getSystemTextEncoding() );
- /* // Now we can read the CB format
--
http://linuxfromscratch.org/mailman/listinfo/patches
FAQ: http://www.linuxfromscratch.org/faq/
Unsubscribe: See the above information page
