[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[update] devel/libgtop



This is an update for libgtop's port.

Buffer overflow in the permitted function of GNOME libgtop_daemon 
in libgtop 1.0.13 and earlier may allow remote attackers to execute 
arbitrary code via long authentication data.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0928


Index: patches/patch-src_daemon_gnuserv_c
===================================================================
RCS file: patches/patch-src_daemon_gnuserv_c
diff -N patches/patch-src_daemon_gnuserv_c
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_daemon_gnuserv_c	9 May 2003 10:09:24 -0000
@@ -0,0 +1,16 @@
+$OpenBSD$
+--- src/daemon/gnuserv.c.orig	Fri May  9 17:06:45 2003
++++ src/daemon/gnuserv.c	Fri May  9 17:09:13 2003
+@@ -200,6 +200,12 @@ permitted (u_long host_addr, int fd)
+ 
+ 	auth_data_len = atoi (buf);
+ 
++	if (auth_data_len < 1 || auth_data_len > sizeof(buf)) {
++		syslog_message(LOG_WARNING,
++			       "Invalid data length supplied by client");
++		return FALSE;
++	}
++
+ 	if (timed_read (fd, buf, auth_data_len, AUTH_TIMEOUT, 0) != auth_data_len)
+ 	    return FALSE;
+