rpms / tcl-snack

Clone
Source Code
GIT

Files

  1.   c74fbc5a1d03ceb8c61639e7990e0870221f5fdb
  2.   tcl-snack-2.2.10-CVE-2012-6303-fix.patch
Blob Blame History Raw 
diff -up snack2.2.10/generic/jkSoundFile.c.CVE20126303 snack2.2.10/generic/jkSoundFile.c
--- snack2.2.10/generic/jkSoundFile.c.CVE20126303	2013-01-02 11:26:15.496231056 -0500
+++ snack2.2.10/generic/jkSoundFile.c	2013-01-02 11:27:26.134250662 -0500
@@ -1798,7 +1798,14 @@ static int
 GetHeaderBytes(Sound *s, Tcl_Interp *interp, Tcl_Channel ch, char *buf, 
 	       int len)
 {
-  int rlen = Tcl_Read(ch, &buf[s->firstNRead], len - s->firstNRead);
+  int rlen;
+
+  if (len > max(CHANNEL_HEADER_BUFFER, HEADBUF)){
+    Tcl_AppendResult(interp, "Excessive header size", NULL);
+    return TCL_ERROR;
+  }
+
+  rlen = Tcl_Read(ch, &buf[s->firstNRead], len - s->firstNRead);
 
   if (rlen < len - s->firstNRead){
     Tcl_AppendResult(interp, "Failed reading header bytes", NULL);
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.