Fix remotely exploitable buffer overflow (CVE-2002-0391).

author: Stefan Eßer <se@FreeBSD.org> 2003-07-06 10:29:12 +0000
committer: Stefan Eßer <se@FreeBSD.org> 2003-07-06 10:29:12 +0000
commit: d9cc06b566fea20dcad4eb6f0fb421a0c7f44748 (patch)
tree: 5cf2a31b48ab2cb820d988e46524ff1fac38e32d /games/acm
parent: Update to 0.7.3 (diff)
1 files changed, 24 insertions, 0 deletions
diff --git a/games/acm/files/patch-09 b/games/acm/files/patch-09
new file mode 100644
index 000000000000..d0ce1c2950b1
--- /dev/null
+++ b/games/acm/files/patch-09
@@ -0,0 +1,24 @@
+--- dis/lib/xdr_var_array.c~	Mon May 11 20:58:55 1998
++++ dis/lib/xdr_var_array.c	Sun Jul  6 03:21:47 2003
+@@ -75,6 +75,12 @@
+ 
+ #include <stdio.h>
+ #include <stdlib.h>
++#include <sys/param.h>
++#if __FreeBSD_Version__ >= 500113
++#  include <sys/limits.h>
++#else
++#  include <machine/limits.h>
++#endif
+ #include <rpc/types.h>
+ #include <rpc/xdr.h>
+ 
+@@ -104,7 +110,7 @@
+ 	register u_int nodesize;
+ 
+ 	c = size;
+-	if ((c > maxsize) && (xdrs->x_op != XDR_FREE)) {
++	if ((c > maxsize || c > UINT_MAX/elsize) && (xdrs->x_op != XDR_FREE)) {
+ 		return (FALSE);
+ 	}
+ 	nodesize = c * elsize;
author	Stefan Eßer <se@FreeBSD.org>	2003-07-06 10:29:12 +0000
committer	Stefan Eßer <se@FreeBSD.org>	2003-07-06 10:29:12 +0000
commit	d9cc06b566fea20dcad4eb6f0fb421a0c7f44748 (patch)
tree	5cf2a31b48ab2cb820d988e46524ff1fac38e32d /games/acm
parent	Update to 0.7.3 (diff)