armin76     14/03/20 19:10:56

  Added:                CVE-2014-0011.patch
  Log:
  Bump to 1.3.1 and patch 1.2.80_p5065 wrt security bug #505170
  
  (Portage version: 2.2.8-r1/cvs/Linux x86_64, signed Manifest commit with key 
0xF6AD3240)

Revision  Changes    Path
1.1                  net-misc/tigervnc/files/CVE-2014-0011.patch

file : 
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/tigervnc/files/CVE-2014-0011.patch?rev=1.1&view=markup
plain: 
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/tigervnc/files/CVE-2014-0011.patch?rev=1.1&content-type=text/plain

Index: CVE-2014-0011.patch
===================================================================
diff -up tigervnc-1.3.0/common/CMakeLists.txt.CVE-2014-0011 
tigervnc-1.3.0/common/CMakeLists.txt
--- tigervnc-1.3.0/common/CMakeLists.txt.CVE-2014-0011  2013-07-01 
13:42:01.000000000 +0100
+++ tigervnc-1.3.0/common/CMakeLists.txt        2014-02-04 16:59:10.840037314 
+0000
@@ -23,3 +23,6 @@ if(CMAKE_COMPILER_IS_GNUCXX AND (CMAKE_S
     set_target_properties(zlib PROPERTIES COMPILE_FLAGS -fPIC)
   endif()
 endif()
+
+# Turn asserts on.
+set_target_properties(rdr rfb PROPERTIES COMPILE_FLAGS -UNDEBUG)
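Review bot: `set_target_properties(rdr rfb PROPERTIES COMPILE_FLAGS -UNDEBUG)` assigns the property rather than appending to it, so any COMPILE_FLAGS already given to rdr or rfb would be replaced. The block just above sets `-fPIC` on zlib through the same property and its opening lines are outside the hunk, so it is worth checking whether rdr and rfb receive `-fPIC` there too. Appending sidesteps the question: `set_property(TARGET rdr rfb APPEND_STRING PROPERTY COMPILE_FLAGS " -UNDEBUG")`. The comment could also say why asserts stay on in release builds, e.g. `# Keep assert() active in rdr/rfb: a failed bounds assert on decoded data should abort, not be compiled out.`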
diff -up tigervnc-1.3.0/common/rfb/zrleDecode.h.CVE-2014-0011 
tigervnc-1.3.0/common/rfb/zrleDecode.h
--- tigervnc-1.3.0/common/rfb/zrleDecode.h.CVE-2014-0011        2013-07-01 
13:41:59.000000000 +0100
+++ tigervnc-1.3.0/common/rfb/zrleDecode.h      2014-02-04 16:17:00.881565540 
+0000
@@ -25,9 +25,10 @@
 // FILL_RECT          - fill a rectangle with a single colour
 // IMAGE_RECT         - draw a rectangle of pixel data from a buffer
 
+#include <stdio.h>
 #include <rdr/InStream.h>
 #include <rdr/ZlibInStream.h>
-#include <assert.h>
+#include <rfb/Exception.h>
 
 namespace rfb {
 
@@ -143,7 +144,10 @@ void ZRLE_DECODE (const Rect& r, rdr::In
               len += b;
             } while (b == 255);
 
-            assert(len <= end - ptr);
+           if (end - ptr < len) {
+             fprintf (stderr, "ZRLE decode error\n");
+             throw Exception ("ZRLE decode error");
+           }
 
 #ifdef FAVOUR_FILL_RECT
             int i = ptr - buf;
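Review bot: The new guard runs only after the `len += b; } while (b == 255);` loop has finished, so it relies on len not having wrapped while it was being accumulated from stream bytes. The declaration of len and the start of the loop are outside the hunk; if len is a signed int, nothing visible bounds the sum except the length of the stream, and a negative len would pass `end - ptr < len`. Rejecting that case in the same test, `if (len < 0 || end - ptr < len) {`, or checking inside the loop after each `len += b`, closes the gap. The identical check in the next hunk needs the same change.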
@@ -193,7 +197,10 @@ void ZRLE_DECODE (const Rect& r, rdr::In
                 len += b;
               } while (b == 255);
 
-              assert(len <= end - ptr);
+             if (end - ptr < len) {
+               fprintf (stderr, "ZRLE decode error\n");
+               throw Exception ("ZRLE decode error");
+             }
             }
 
             index &= 127;
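Review bot: The `fprintf (stderr, "ZRLE decode error\n");` before the throw repeats the exception text and writes straight to stderr from a decoder header, so a caller that already reports rfb::Exception messages will show the error twice. Dropping the fprintf, and with it the `#include <stdio.h>` added for it, leaves reporting to whoever catches the exception. Giving the two sites distinct messages, for example `throw Exception ("ZRLE decode error: palette run exceeds tile");` here, would let a report be traced to one check. The same block in the previous hunk is affected.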



