rpms/openoffice.org/FC-6 openoffice.org-2.2.1.ooo77214.rtfprtdata.sw.patch, NONE, 1.1 openoffice.org.spec, 1.946, 1.947

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Fri Jun 1 11:26:19 UTC 2007


Author: caolanm

Update of /cvs/dist/rpms/openoffice.org/FC-6
In directory cvs.devel.redhat.com:/tmp/cvs-serv1843

Modified Files:
	openoffice.org.spec 
Added Files:
	openoffice.org-2.2.1.ooo77214.rtfprtdata.sw.patch 
Log Message:
Resolves: CVE-2007-0245 ooo#77214

openoffice.org-2.2.1.ooo77214.rtfprtdata.sw.patch:
 source/filter/rtf/swparrtf.cxx    |    0 
 sw/source/filter/rtf/swparrtf.cxx |   25 ++++++-------------------
 2 files changed, 6 insertions(+), 19 deletions(-)

--- NEW FILE openoffice.org-2.2.1.ooo77214.rtfprtdata.sw.patch ---
Index: source/filter/rtf/swparrtf.cxx
===================================================================
RCS file: /cvs/sw/sw/source/filter/rtf/swparrtf.cxx,v
retrieving revision 1.64.36.1
diff -u -r1.64.36.1 swparrtf.cxx
--- openoffice.org.orig/sw/source/filter/rtf/swparrtf.cxx	1 Feb 2007 18:23:13 -0000	1.64.36.1
+++ openoffice.org/sw/source/filter/rtf/swparrtf.cxx	7 Apr 2007 11:03:07 -0000
@@ -3684,25 +3684,12 @@
 
 void SwRTFParser::ReadPrtData()
 {
-	// der Eingabe Stream steht auf der aktuellen Position
-	USHORT nLen = USHORT( nTokenValue ), nCnt = 0;
-	BYTE * pData = new BYTE[ nLen ];
-
-	while( IsParserWorking() ) 			// lese bis zur schliessenden Klammer
-	{
-		int nToken = GetNextToken();
-		if( RTF_TEXTTOKEN == nToken )
-		{
-			xub_StrLen nTknLen = HexToBin( aToken );
-			if( STRING_NOTFOUND != nTknLen )
-			{
-				memcpy( pData + nCnt, (sal_Char*)aToken.GetBuffer(), nTknLen );
-				nCnt += nTknLen;
-			}
-		}
-		else if( '}' == nToken )
-			break;
-	}
+	while( IsParserWorking() )
+    {
+        int nToken = GetNextToken();
+        if( (RTF_TEXTTOKEN != nToken) && ('}' == nToken) )
+            break;
+    }
 
     SkipToken( -1 );        // schliessende Klammer wieder zurueck!!
 }



Index: openoffice.org.spec
===================================================================
RCS file: /cvs/dist/rpms/openoffice.org/FC-6/openoffice.org.spec,v
retrieving revision 1.946
retrieving revision 1.947
diff -u -r1.946 -r1.947
--- openoffice.org.spec	22 May 2007 09:44:48 -0000	1.946
+++ openoffice.org.spec	1 Jun 2007 11:26:14 -0000	1.947
@@ -166,6 +166,7 @@
 Patch98: openoffice.org-2.2.0.ooo76393.sal.dynamicsection.patch
 Patch99: workspace.dba22b.patch
 Patch100: workspace.cmcfixes34.patch
+Patch101: openoffice.org-2.2.1.ooo77214.rtfprtdata.sw.patch
 
 %define instdir %{_libdir}/openoffice.org2.0
 
@@ -1066,6 +1067,7 @@
 %patch98 -p1 -b .ooo76393.sal.dynamicsection.patch
 %patch99 -p1 -b .workspace.dba22b.patch
 %patch100 -p1 -b .workspace.cmcfixes34.patch
+%patch101 -p1 -b .ooo77214.rtfprtdata.sw.patch
 
 tar xzf %{SOURCE1}
 
@@ -2595,7 +2597,8 @@
 %{instdir}/share/registry/modules/org/openoffice/Office/Scripting/Scripting-python.xcu
 
 %changelog
-* Mon May 21 2007 Caolan McNamara <caolanm at redhat.com> - 1:2.0.4-5.5.23
+* Fri Jun 01 2007 Caolan McNamara <caolanm at redhat.com> - 1:2.0.4-5.5.23
+- Resolves: CVE-2007-0245 ooo#77214 rtf prtdata
 - Resolves: rhbz#240738 workspace.dba22b.patch
 - add workspace.cmcfixes34.patch for int(0) not being promoted to long
   NULL in ellipsed methods




More information about the fedora-cvs-commits mailing list