SOURCES: cups-CAN-2005-2097.patch (NEW) - security fix for a DoS v...

adamg adamg at pld-linux.org
Sat Sep 3 01:32:12 CEST 2005


Author: adamg                        Date: Fri Sep  2 23:32:12 2005 GMT
Module: SOURCES                       Tag: HEAD
---- Log message:
- security fix for a DoS vulnerability (CAN-2005-2097)
- release 4

---- Files affected:
SOURCES:
   cups-CAN-2005-2097.patch (NONE -> 1.1)  (NEW)

---- Diffs:

================================================================
Index: SOURCES/cups-CAN-2005-2097.patch
diff -u /dev/null SOURCES/cups-CAN-2005-2097.patch:1.1
--- /dev/null	Sat Sep  3 01:32:12 2005
+++ SOURCES/cups-CAN-2005-2097.patch	Sat Sep  3 01:32:07 2005
@@ -0,0 +1,21 @@
+diff -burN cups-1.1.23.orig/pdftops/FontFile.cxx cups-1.1.23/pdftops/FontFile.cxx
+--- cups-1.1.23.orig/pdftops/FontFile.cxx	2005-09-02 19:02:24.273122328 +0200
++++ cups-1.1.23/pdftops/FontFile.cxx	2005-09-02 19:02:39.174856920 +0200
+@@ -18,6 +18,7 @@
+ #include <stdarg.h>
+ #include <string.h>
+ #include <ctype.h>
++#include <error.h>
+ #include "gmem.h"
+ #include "GHash.h"
+ #include "Error.h"
+@@ -3572,6 +3573,9 @@
+     } else {
+       origLocaTable[i].pos = 2 * getUShort(pos + 2*i);
+     }
++
++    if (origLocaTable[i].pos < 0 || origLocaTable[i].pos > len)
++      error (1, 0, "bad loca table pos value");
+   }
+   qsort(origLocaTable, nGlyphs + 1, sizeof(TrueTypeLoca), &cmpTrueTypeLocaPos);
+   for (i = 0; i < nGlyphs; ++i) {
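
Review bot: The new bounds check in the second FontFile.cxx hunk handles an out-of-range `origLocaTable[i].pos` by calling `error (1, 0, "bad loca table pos value")`, and glibc's error() with a non-zero status exits the whole process. A malformed font therefore still ends the pdftops run, only in a controlled way. Consider failing just the font conversion and returning to the caller instead. The added `#include <error.h>` is a GNU-specific header and sits right beside the existing `#include "Error.h"`, which is easy to confuse and will not build on non-glibc systems. If the facility declared in "Error.h" fits, using it would avoid the new include. The message would also be more useful for triage if it included the index `i` and the offending value. Finally, the test accepts `pos == len`; whether that is a valid offset for the code after the qsort is not visible in this hunk and is worth confirming.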
================================================================


