Author: megabajt Date: Mon Jul 28 12:35:31 2008 GMT Module: SOURCES Tag: HEAD ---- Log message: - fix for CVE-2008-2363
---- Files affected: SOURCES: pan-CVE-2008-2363.patch (NONE -> 1.1) (NEW) ---- Diffs: ================================================================ Index: SOURCES/pan-CVE-2008-2363.patch diff -u /dev/null SOURCES/pan-CVE-2008-2363.patch:1.1 --- /dev/null Mon Jul 28 14:35:32 2008 +++ SOURCES/pan-CVE-2008-2363.patch Mon Jul 28 14:35:26 2008 @@ -0,0 +1,93 @@ +https://bugs.gentoo.org/show_bug.cgi?id=224051 +https://bugzilla.gnome.org/show_bug.cgi?id=535413 +https://bugzilla.redhat.com/show_bug.cgi?id=446902 + +--- pan-0.132/pan/data/parts.cc ++++ pan-0.132/pan/data/parts.cc +@@ -303,8 +303,7 @@ + this->n_parts_total = n_parts_total; + this->n_parts_found = 0; // they haven't been added yet + +- if (n_parts_found > parts.size()) +- parts.resize (n_parts_found); ++ parts.clear(); + } + + void +@@ -312,21 +311,10 @@ + const StringView & mid, + bytes_t bytes) + { +- if (n_parts_found >= parts.size()) +- parts.resize (n_parts_found+1); +- +- Part& p = *(&parts.front() + n_parts_found++); +- p.number = number; +- p.bytes = bytes; + + Packer packer; + pack_message_id (packer, mid, reference_mid); +- p.len_used = packer.size (); +- if (p.len_alloced < p.len_used) { +- delete [] p.packed_mid; +- p.packed_mid = new char [p.len_used]; +- p.len_alloced = p.len_used; +- } ++ Part p(number,bytes,packer.size()); + packer.pack (p.packed_mid); + packed_mids_len += p.len_used; + +@@ -337,8 +325,9 @@ + assert (mid == tmp); + #endif + +- if (n_parts_total < n_parts_found) ++ if (n_parts_total < ++n_parts_found) + n_parts_total = n_parts_found; ++ parts.push_back(p); + } + + PartBatch :: Part& +@@ -346,7 +335,7 @@ + { + number = that.number; + bytes = that.bytes; +- len_used = len_alloced = that.len_used; ++ len_used = that.len_used; + delete [] packed_mid; + packed_mid = new char [len_used]; + memcpy (packed_mid, that.packed_mid, len_used); +@@ -357,11 +346,17 @@ + number (that.number), + bytes (that.bytes), + len_used (that.len_used), +- len_alloced (that.len_used), + packed_mid (new char [len_used]) + { + memcpy (packed_mid, that.packed_mid, len_used); + } ++PartBatch :: Part :: Part (number_t n, bytes_t b, size_t l): ++ number(n), ++ bytes(b), ++ len_used(l), ++ packed_mid(new char [len_used]) ++{ ++} + + void + PartBatch :: sort (void) +--- pan-0.132/pan/data/parts.h ++++ pan-0.132/pan/data/parts.h +@@ -141,10 +141,10 @@ + number_t number; + bytes_t bytes; + size_t len_used; +- size_t len_alloced; + char * packed_mid; + Part(): number(0), bytes(0), +- len_used(0), len_alloced(0), packed_mid(0) {} ++ len_used(0), packed_mid(0) {} ++ Part(number_t n, bytes_t b, size_t l); + ~Part() { delete [] packed_mid; } + Part (const Part&); + Part& operator= (const Part&); ================================================================ _______________________________________________ pld-cvs-commit mailing list [email protected] http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
