diff options
author | 2009-04-13 17:08:57 +0200 | |
---|---|---|
committer | 2009-04-13 17:08:57 +0200 | |
commit | b402aa28c938befc90c2fabb0731707699ee6d4b (patch) | |
tree | b73fc9a180288f03e71fa9ef5cd51ed4b3474e53 /dev-libs/libunzip/files/libunzip-5.52-CVE-2008-0888.patch | |
parent | renamed: generate_tarball.sh -> generate_boinc-src_tarball.sh (diff) | |
download | sci-b402aa28c938befc90c2fabb0731707699ee6d4b.tar.gz sci-b402aa28c938befc90c2fabb0731707699ee6d4b.tar.bz2 sci-b402aa28c938befc90c2fabb0731707699ee6d4b.zip |
dev-libs/libunzip added
Diffstat (limited to 'dev-libs/libunzip/files/libunzip-5.52-CVE-2008-0888.patch')
-rw-r--r-- | dev-libs/libunzip/files/libunzip-5.52-CVE-2008-0888.patch | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/dev-libs/libunzip/files/libunzip-5.52-CVE-2008-0888.patch b/dev-libs/libunzip/files/libunzip-5.52-CVE-2008-0888.patch new file mode 100644 index 000000000..368b3eeb1 --- /dev/null +++ b/dev-libs/libunzip/files/libunzip-5.52-CVE-2008-0888.patch @@ -0,0 +1,35 @@ +http://bugs.gentoo.org/213761 + +fix for CVE-2008-0888 + +--- inflate.c ++++ inflate.c +@@ -983,6 +983,7 @@ + unsigned l; /* last length */ + unsigned m; /* mask for bit lengths table */ + unsigned n; /* number of lengths to get */ ++ struct huft *tlp; + struct huft *tl; /* literal/length code table */ + struct huft *td; /* distance code table */ + unsigned bl; /* lookup bits for tl */ +@@ -996,6 +997,8 @@ + int retval = 0; /* error code returned: initialized to "no error" */ + + ++ td = tlp = tl = (struct huft *)NULL; ++ + /* make local bit buffer */ + Trace((stderr, "\ndynamic block")); + b = G.bb; +@@ -1047,9 +1050,9 @@ + while (i < n) + { + NEEDBITS(bl) +- j = (td = tl + ((unsigned)b & m))->b; ++ j = (tlp = tl + ((unsigned)b & m))->b; + DUMPBITS(j) +- j = td->v.n; ++ j = tlp->v.n; + if (j < 16) /* length of code in bits (0..15) */ + ll[i++] = l = j; /* save last length in l */ + else if (j == 16) /* repeat last length 3 to 6 times */ |