Merge branch 'master' into core-updates

author: Ludovic Courtès <ludo@gnu.org> 2016-06-07 11:54:03 +0200
committer: Ludovic Courtès <ludo@gnu.org> 2016-06-07 11:54:03 +0200
commit: aeafff536f933b07836b14d089dfc52b0e432ec9 (patch)
tree: 4ede554999f98cf9e19c04098c934db52efae795 /gnu/packages/patches/antiword-CVE-2014-8123.patch
parent: 9dee9e8ffe4650949bd3ad2edf559cf4a33e9e6e (diff)
parent: f82c58539e1f7b9b864e68ea2ab0c6a17c15fbb5 (diff)
1 files changed, 21 insertions, 0 deletions
diff --git a/gnu/packages/patches/antiword-CVE-2014-8123.patch b/gnu/packages/patches/antiword-CVE-2014-8123.patch
new file mode 100644
index 0000000000..d8d346a634
--- /dev/null
+++ b/gnu/packages/patches/antiword-CVE-2014-8123.patch
@@ -0,0 +1,21 @@
+Description: Add check for buffer overflow with malformed input files
+ This was later re-found and became CVE-2014-8123. 
+Author: <eriks@debian.org>
+Bug-Debian: http://bugs.debian.org/407015
+Bug-Debian: https://bugs.debian.org/771768
+Forwarded: http://seclists.org/oss-sec/2014/q4/870
+Last-Update: 2016-01-11
+
+--- antiword-0.37~/wordole.c	2005-08-26 21:49:57.000000000 +0200
++++ antiword-0.37/wordole.c	2009-06-03 22:31:15.948014682 +0200
+@@ -259,6 +259,10 @@
+ 		}
+ 		tNameSize = (size_t)usGetWord(0x40, aucBytes);
+ 		tNameSize = (tNameSize + 1) / 2;
++		if ( tNameSize > sizeof(atPPSlist[iIndex].szName)) {
++			werr(0, "Name Size of PPS %d is too large", iIndex);
++			tNameSize = sizeof(atPPSlist[iIndex].szName);
++		}
+ 		vName2String(atPPSlist[iIndex].szName, aucBytes, tNameSize);
+ 		atPPSlist[iIndex].ucType = ucGetByte(0x42, aucBytes);
+ 		if (atPPSlist[iIndex].ucType == 5) {
author	Ludovic Courtès <ludo@gnu.org>	2016-06-07 11:54:03 +0200
committer	Ludovic Courtès <ludo@gnu.org>	2016-06-07 11:54:03 +0200
commit	aeafff536f933b07836b14d089dfc52b0e432ec9 (patch)
tree	4ede554999f98cf9e19c04098c934db52efae795 /gnu/packages/patches/antiword-CVE-2014-8123.patch
parent	9dee9e8ffe4650949bd3ad2edf559cf4a33e9e6e (diff)
parent	f82c58539e1f7b9b864e68ea2ab0c6a17c15fbb5 (diff)