Blame tcl-snack-2.2.10-CVE-2012-6303-fix.patch
|
 |
833921d |
diff -up snack2.2.10/generic/jkSoundFile.c.CVE20126303 snack2.2.10/generic/jkSoundFile.c
|
|
|
833921d |
--- snack2.2.10/generic/jkSoundFile.c.CVE20126303 2013-01-02 11:26:15.496231056 -0500
|
|
|
833921d |
+++ snack2.2.10/generic/jkSoundFile.c 2013-01-02 11:27:26.134250662 -0500
|
|
|
833921d |
@@ -1798,7 +1798,14 @@ static int
|
|
|
833921d |
GetHeaderBytes(Sound *s, Tcl_Interp *interp, Tcl_Channel ch, char *buf,
|
|
|
833921d |
int len)
|
|
|
833921d |
{
|
|
|
833921d |
- int rlen = Tcl_Read(ch, &buf[s->firstNRead], len - s->firstNRead);
|
|
|
833921d |
+ int rlen;
|
|
|
833921d |
+
|
|
|
833921d |
+ if (len > max(CHANNEL_HEADER_BUFFER, HEADBUF)){
|
|
|
833921d |
+ Tcl_AppendResult(interp, "Excessive header size", NULL);
|
|
|
833921d |
+ return TCL_ERROR;
|
|
|
833921d |
+ }
|
|
|
833921d |
+
|
|
|
833921d |
+ rlen = Tcl_Read(ch, &buf[s->firstNRead], len - s->firstNRead);
|
|
|
833921d |
|
|
|
833921d |
if (rlen < len - s->firstNRead){
|
|
|
833921d |
Tcl_AppendResult(interp, "Failed reading header bytes", NULL);
|