diff options
author | Martin Wilke <miwi@FreeBSD.org> | 2007-07-31 13:27:00 +0000 |
---|---|---|
committer | Martin Wilke <miwi@FreeBSD.org> | 2007-07-31 13:27:00 +0000 |
commit | c4c6d404388c84d84e2b44c0ef478302adb9ae20 (patch) | |
tree | 35c3383cf019ac5c97c949e2adc7db2b906376ef | |
parent | - Try to force our idea of OSARCH (untested) (diff) |
- Fix buffer overflow vulnerability.
- Bump PORTREVISION
Approved by: simon (secteam)
Security: http://www.vuxml.org/freebsd/0e43a14d-3f3f-11dc-a79a-0016179b2dd5.html
Notes
Notes:
svn path=/head/; revision=196823
-rw-r--r-- | print/cups-base/Makefile | 2 | ||||
-rw-r--r-- | print/cups-base/files/patch-CVE-2007-3387 | 23 |
2 files changed, 24 insertions, 1 deletions
diff --git a/print/cups-base/Makefile b/print/cups-base/Makefile index 2610d198b976..8211254ce05f 100644 --- a/print/cups-base/Makefile +++ b/print/cups-base/Makefile @@ -7,7 +7,7 @@ PORTNAME= cups PORTVERSION= 1.2.11 -PORTREVISION= 2 +PORTREVISION= 3 DISTVERSIONSUFFIX= -source CATEGORIES= print MASTER_SITES= EASYSW/${PORTNAME}/${DISTVERSION} diff --git a/print/cups-base/files/patch-CVE-2007-3387 b/print/cups-base/files/patch-CVE-2007-3387 new file mode 100644 index 000000000000..91710dba6195 --- /dev/null +++ b/print/cups-base/files/patch-CVE-2007-3387 @@ -0,0 +1,23 @@ +--- pdftops/Stream.cxx.orig 2006-02-13 04:08:11.000000000 +0100 ++++ pdftops/Stream.cxx 2007-07-31 15:05:53.000000000 +0200 +@@ -411,15 +411,13 @@ + ok = gFalse; + + nVals = width * nComps; +- if (width <= 0 || nComps <= 0 || nBits <= 0 || +- nComps >= INT_MAX / nBits || +- width >= INT_MAX / nComps / nBits || +- nVals * nBits + 7 < 0) { +- return; +- } + pixBytes = (nComps * nBits + 7) >> 3; + rowBytes = ((nVals * nBits + 7) >> 3) + pixBytes; +- if (rowBytes <= 0) { ++ if (width <= 0 || nComps <= 0 || nBits <= 0 || ++ nComps > gfxColorMaxComps || ++ nBits > 16 || ++ width >= INT_MAX / nComps || // check for overflow in nVals ++ nVals >= (INT_MAX - 7) / nBits) { // check for overflow in rowBytes + return; + } + predLine = (Guchar *)gmalloc(rowBytes); |