SOURCES: pan-CVE-2008-2363.patch (NEW) - fix for CVE-2008-2363

megabajt megabajt at pld-linux.org
Mon Jul 28 14:35:31 CEST 2008


Author: megabajt                     Date: Mon Jul 28 12:35:31 2008 GMT
Module: SOURCES                       Tag: HEAD
---- Log message:
- fix for CVE-2008-2363

---- Files affected:
SOURCES:
   pan-CVE-2008-2363.patch (NONE -> 1.1)  (NEW)

---- Diffs:

================================================================
Index: SOURCES/pan-CVE-2008-2363.patch
diff -u /dev/null SOURCES/pan-CVE-2008-2363.patch:1.1
--- /dev/null	Mon Jul 28 14:35:32 2008
+++ SOURCES/pan-CVE-2008-2363.patch	Mon Jul 28 14:35:26 2008
@@ -0,0 +1,93 @@
+https://bugs.gentoo.org/show_bug.cgi?id=224051
+https://bugzilla.gnome.org/show_bug.cgi?id=535413
+https://bugzilla.redhat.com/show_bug.cgi?id=446902
+
+--- pan-0.132/pan/data/parts.cc
++++ pan-0.132/pan/data/parts.cc
+@@ -303,8 +303,7 @@
+   this->n_parts_total = n_parts_total;
+   this->n_parts_found = 0; // they haven't been added yet
+ 
+-  if (n_parts_found > parts.size())
+-    parts.resize (n_parts_found);
++  parts.clear();
+ }
+ 
+ void
+@@ -312,21 +311,10 @@
+                        const StringView  & mid,
+                        bytes_t             bytes)
+ {
+-  if (n_parts_found >= parts.size())
+-    parts.resize (n_parts_found+1);
+-
+-  Part& p = *(&parts.front() + n_parts_found++);
+-  p.number = number;
+-  p.bytes = bytes;
+ 
+   Packer packer;
+   pack_message_id (packer, mid, reference_mid);
+-  p.len_used = packer.size ();
+-  if (p.len_alloced < p.len_used) {
+-    delete [] p.packed_mid;
+-    p.packed_mid = new char [p.len_used];
+-    p.len_alloced = p.len_used;
+-  }
++  Part p(number,bytes,packer.size());
+   packer.pack (p.packed_mid);
+   packed_mids_len += p.len_used;
+ 
+@@ -337,8 +325,9 @@
+   assert (mid == tmp);
+ #endif
+ 
+-  if (n_parts_total < n_parts_found)
++  if (n_parts_total < ++n_parts_found)
+       n_parts_total = n_parts_found;
++  parts.push_back(p);
+ }
+ 
+ PartBatch :: Part&
+@@ -346,7 +335,7 @@
+ {
+   number =  that.number;
+   bytes =  that.bytes;
+-  len_used = len_alloced = that.len_used;
++  len_used = that.len_used;
+   delete [] packed_mid;
+   packed_mid = new char [len_used];
+   memcpy (packed_mid, that.packed_mid, len_used);
+@@ -357,11 +346,17 @@
+   number (that.number),
+   bytes (that.bytes),
+   len_used (that.len_used),
+-  len_alloced (that.len_used),
+   packed_mid (new char [len_used])
+ {
+   memcpy (packed_mid, that.packed_mid, len_used);
+ }
++PartBatch :: Part :: Part (number_t n, bytes_t b, size_t l):
++    number(n),
++    bytes(b),
++    len_used(l),
++    packed_mid(new char [len_used])
++{
++}
+ 
+ void
+ PartBatch :: sort (void)
+--- pan-0.132/pan/data/parts.h
++++ pan-0.132/pan/data/parts.h
+@@ -141,10 +141,10 @@
+         number_t number;
+         bytes_t bytes;
+         size_t len_used;
+-        size_t len_alloced;
+         char * packed_mid;
+         Part(): number(0), bytes(0),
+-                len_used(0), len_alloced(0), packed_mid(0) {}
++                len_used(0), packed_mid(0) {}
++        Part(number_t n, bytes_t b, size_t l);
+         ~Part() { delete [] packed_mid; }
+         Part (const Part&);
+         Part& operator= (const Part&);
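Review bot: In the parts.cc section, the `PartBatch :: Part` assignment operator still runs `delete [] packed_mid;` before `new char [len_used]`, and the visible body has no self-assignment check. Assigning a `Part` to itself would therefore `memcpy` from the buffer it just freed, and a throwing `new` would leave `packed_mid` dangling for `~Part` to delete a second time. This matters more after the patch, because `parts.push_back(p)` now copies `Part` objects into the vector and `PartBatch :: sort` presumably reassigns them. I would add `if (this == &that) return *this;` as the first statement, and allocate and fill the replacement buffer before deleting the old one. The operator's signature and the end of its body are outside the quoted hunk, so confirm no guard exists there.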
================================================================

