Fix CVE-2017-7853: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7853 https://savannah.gnu.org/support/index.php?109265 Patch copied from upstream source repository: https://git.savannah.gnu.org/cgit/osip.git/commit/?id=1ae06daf3b2375c34af23083394a6f010be24a45 From 1ae06daf3b2375c34af23083394a6f010be24a45 Mon Sep 17 00:00:00 2001 From: Aymeric Moizard Date: Tue, 21 Feb 2017 17:16:26 +0100 Subject: [PATCH] * fix bug report: sr #109265: SIP message body length underflow in libosip2-4.1.0 https://savannah.gnu.org/support/?109265 also applicable to current latest version --- src/osipparser2/osip_message_parse.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/osipparser2/osip_message_parse.c b/src/osipparser2/osip_message_parse.c index 1628c60..aa35446 100644 --- a/src/osipparser2/osip_message_parse.c +++ b/src/osipparser2/osip_message_parse.c @@ -784,6 +784,12 @@ msg_osip_body_parse (osip_message_t * sip, const char *start_of_buf, const char if ('\n' == start_of_body[0] || '\r' == start_of_body[0]) start_of_body++; + /* if message body is empty or contains a single CR/LF */ + if (end_of_body <= start_of_body) { + osip_free (sep_boundary); + return OSIP_SYNTAXERROR; + } + body_len = end_of_body - start_of_body; /* Skip CR before end boundary. */ -- 2.13.1 atch?id=576c0e29cdcf5c344f19bd2e099e3545b4a2c185'>treecommitdiff
path: root/gnu/packages/patches/libmad-armv7-thumb-pt1.patch
7-05-24
AgeCommit message (Expand)Author
gnu: sane-backends-minimal, sane-backends: Update to 1.0.27....Tobias Geerinckx-Rice
2016-12-17gnu: sane-backends: Remove timestamps from the output....Ludovic Courtès
2016-12-17gnu: Add and use sane-backends....Andy Patterson
2016-12-17gnu: Add and use sane-backends-minimal....Andy Patterson
2016-12-17gnu: sane-backends: Disable backend generation....Andy Patterson
2016-10-09gnu: sane-backends: Update to 1.0.25....Al McElrath