diff options
Diffstat (limited to 'gnu/packages/patches')
| -rw-r--r-- | gnu/packages/patches/ytnef-CVE-2021-3403.patch | 32 | ||||
| -rw-r--r-- | gnu/packages/patches/ytnef-CVE-2021-3404.patch | 30 |
2 files changed, 0 insertions, 62 deletions
diff --git a/gnu/packages/patches/ytnef-CVE-2021-3403.patch b/gnu/packages/patches/ytnef-CVE-2021-3403.patch deleted file mode 100644 index 4b1c9d659f..0000000000 --- a/gnu/packages/patches/ytnef-CVE-2021-3403.patch +++ /dev/null @@ -1,32 +0,0 @@ -From f2380a53fb84d370eaf6e6c3473062c54c57fac7 Mon Sep 17 00:00:00 2001 -From: Oliver Giles <ohw.giles@gmail.com> -Date: Mon, 1 Feb 2021 10:12:16 +1300 -Subject: [PATCH] Prevent potential double-free in TNEFSubjectHandler - -If TNEFSubjectHandler is called multiple times, but the last time -failed due to the PREALLOCCHECK, the subject.data member will be -a freed, but invalid pointer. To prevent a double-free next time -TNEFSubjectHandler is entered, set it to zero after freeing. - -Resolves: #85 -Reported-by: jasperla ---- - lib/ytnef.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/lib/ytnef.c b/lib/ytnef.c -index b148719..b06c807 100644 ---- a/lib/ytnef.c -+++ b/lib/ytnef.c -@@ -301,8 +301,10 @@ int TNEFFromHandler STD_ARGLIST { - } - // ----------------------------------------------------------------------------- - int TNEFSubjectHandler STD_ARGLIST { -- if (TNEF->subject.data) -+ if (TNEF->subject.data) { - free(TNEF->subject.data); -+ TNEF->subject.data = NULL; -+ } - - PREALLOCCHECK(size, 100); - TNEF->subject.data = calloc(size+1, sizeof(BYTE)); diff --git a/gnu/packages/patches/ytnef-CVE-2021-3404.patch b/gnu/packages/patches/ytnef-CVE-2021-3404.patch deleted file mode 100644 index e991d6aff1..0000000000 --- a/gnu/packages/patches/ytnef-CVE-2021-3404.patch +++ /dev/null @@ -1,30 +0,0 @@ -From f9ff4a203b8c155d51a208cadadb62f224fba715 Mon Sep 17 00:00:00 2001 -From: Oliver Giles <ohw.giles@gmail.com> -Date: Mon, 1 Feb 2021 10:18:17 +1300 -Subject: [PATCH] Ensure the size of the version field is 4 bytes - -A corrupted version field size can cause TNEFVersion to access outside -of allocated memory. Check the version is the expected size and raise -an error if not. - -Resolves: #86 -Reported-by: jasperla ---- - lib/ytnef.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/lib/ytnef.c b/lib/ytnef.c -index b148719..ffede44 100644 ---- a/lib/ytnef.c -+++ b/lib/ytnef.c -@@ -335,6 +335,10 @@ int TNEFRendData STD_ARGLIST { - int TNEFVersion STD_ARGLIST { - WORD major; - WORD minor; -+ if (size != 2 * sizeof(WORD)) { -+ printf("Incorrect size of version field, suspected corruption\n"); -+ return -1; -+ } - minor = SwapWord((BYTE*)data, size); - major = SwapWord((BYTE*)data + 2, size - 2); - |