old
/
eterm
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Tue Mar 15 23:08:26 2011 Michael Jennings (mej) 

Fix for CVE-2011-0768, an off-by-one error in handling large pixmap
filenames which resulted in an overflow of a single NUL character if
the filename exceeded PATH_MAX bytes.  This bug is NOT exploitable.
Again, thanks to Jonathan Brossard and the team at Toucan System for
responsibly disclosing this vulnerability and to CERT for assisting
with coordination and disclosure.
----------------------------------------------------------------------


SVN revision: 59414
This commit is contained in:
Michael Jennings 2011-05-15 21:24:19 +00:00
parent e096c4df0f
commit 21375413fa
2 changed files with 11 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
ChangeLog
View File

@ -5653,7 +5653,7 @@ claims to be a string, which is probably more correct. This should
also eliminate server round-trips when clients ask for UTF-8, get a
string, then ask for a string (Opera).
----------------------------------------------------------------------
Tue Mar 15 23:03:57 2011 mej
Tue Mar 15 23:03:57 2011 Michael Jennings (mej)
Fix for CVE-2011-0409 (CERT VU#285156), a use-after-free error in the
XIM code. This only affects versions where XIM support is compiled in
@ -5663,3 +5663,12 @@ the team at Toucan System for responsibly disclosing this
vulnerability and to CERT for assisting with coordination and
disclosure.
----------------------------------------------------------------------
Tue Mar 15 23:08:26 2011 Michael Jennings (mej)
Fix for CVE-2011-0768, an off-by-one error in handling large pixmap
filenames which resulted in an overflow of a single NUL character if
the filename exceeded PATH_MAX bytes. This bug is NOT exploitable.
Again, thanks to Jonathan Brossard and the team at Toucan System for
responsibly disclosing this vulnerability and to CERT for assisting
with coordination and disclosure.
----------------------------------------------------------------------

2
src/pixmap.c
View File

@ -1327,7 +1327,7 @@ search_path(const char *pathlist, const char *file)
D_OPTIONS(("search_path(\"%s\", \"%s\") called from \"%s\".\n", pathlist, file, name));
if (len < PATH_MAX - 1) {
strcat(name, "/");
strncat(name, file, PATH_MAX - len - 1);
strncat(name, file, PATH_MAX - len - 2);
}
D_OPTIONS(("Checking for file \"%s\"\n", name));
if (!access(name, R_OK)) {