Security fix for gd remote buffer overflow vulnerability.

PR: ports/147163 Submitted by: Michael Ranner <michael@ranner.eu>
author: Alex Dupre <ale@FreeBSD.org> 2010-06-14 14:43:44 +0000
committer: Alex Dupre <ale@FreeBSD.org> 2010-06-14 14:43:44 +0000
commit: 542b78d08dd94e73ca79a197e8f102cb610b87a7 (patch)
tree: 889d1905aa889796e4fed3a3ecb8678bdf447632 /graphics
parent: - Adopt unmaintained ports. (diff)
2 files changed, 13 insertions, 0 deletions
diff --git a/graphics/php4-gd/Makefile b/graphics/php4-gd/Makefile
index 4e1f0b87e77b..58d544d91d16 100644
--- a/graphics/php4-gd/Makefile
+++ b/graphics/php4-gd/Makefile
@@ -5,6 +5,7 @@
 # $FreeBSD$
 #
 
+PORTREVISION=	4
 CATEGORIES=	graphics
 
 MASTERDIR=	${.CURDIR}/../../lang/php4
diff --git a/graphics/php4-gd/files/patch-libgd_gd_gd.c b/graphics/php4-gd/files/patch-libgd_gd_gd.c
new file mode 100644
index 000000000000..121a02498fe0
--- /dev/null
+++ b/graphics/php4-gd/files/patch-libgd_gd_gd.c
@@ -0,0 +1,12 @@
+--- libgd/gd_gd.c.orig	2010-03-26 14:26:22.000000000 +0100
++++ libgd/gd_gd.c	2010-03-26 14:28:03.000000000 +0100
+@@ -40,6 +40,9 @@
+ 			if (!gdGetWord(&im->colorsTotal, in)) {
+ 				goto fail1;
+ 			}
++			if (im->colorsTotal > gdMaxColors) {
++				goto fail1;
++			}
+ 		}
+ 		/* Int to accommodate truecolor single-color transparency */
+ 		if (!gdGetInt(&im->transparent, in)) {
author	Alex Dupre <ale@FreeBSD.org>	2010-06-14 14:43:44 +0000
committer	Alex Dupre <ale@FreeBSD.org>	2010-06-14 14:43:44 +0000
commit	542b78d08dd94e73ca79a197e8f102cb610b87a7 (patch)
tree	889d1905aa889796e4fed3a3ecb8678bdf447632 /graphics
parent	- Adopt unmaintained ports. (diff)