rpms/kdebase3/devel post-3.5.8-kdebase-kdm.diff,NONE,1.1
Kevin Kofler (kkofler)
fedora-extras-commits at redhat.com
Sat Feb 9 05:47:05 UTC 2008
Author: kkofler
Update of /cvs/pkgs/rpms/kdebase3/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv26320/devel
Added Files:
post-3.5.8-kdebase-kdm.diff
Log Message:
* Sat Feb 09 2008 Kevin Kofler <Kevin at tigcc.ticalc.org> - 3.5.8-37
- sync from F8:
- kdm: local DoS vulnerability, CVE-2007-5963 (Than Ngo, 3.5.8-31.fc8)
- updated flash patch to support 64 bit platforms (Lukáš Tinkl, 3.5.8-32.fc8)
post-3.5.8-kdebase-kdm.diff:
--- NEW FILE post-3.5.8-kdebase-kdm.diff ---
--- kdm/backend/inifile.c
+++ kdm/backend/inifile.c
@@ -37,6 +37,7 @@
#include "dm_error.h"
#include <sys/types.h>
+#include <sys/stat.h>
#include <unistd.h>
#include <stdlib.h>
#include <string.h>
@@ -47,17 +48,27 @@
{
char *data;
int fd, len;
+ struct stat st;
if ((fd = open( fname, O_RDONLY | O_NONBLOCK )) < 0) {
Debug( "cannot open ini-file %\"s: %m", fname );
return 0;
}
- len = lseek( fd, 0, SEEK_END );
+ if (fstat( fd, &st ) || !S_ISREG( st.st_mode )) {
+ LogWarn( "Ini-file %\"s is no regular file\n", fname );
+ close( fd );
+ return 0;
+ }
+ if (st.st_size >= 0x10000) {
+ LogWarn( "Ini-file %\"s is too big\n", fname );
+ close( fd );
+ return 0;
+ }
+ len = st.st_size;
if (!(data = Malloc( len + 2 ))) {
close( fd );
return 0;
}
- lseek( fd, 0, SEEK_SET );
if (read( fd, data, len ) != len) {
Debug( "cannot read ini-file %\"s: %m", fname );
free( data );
More information about the fedora-extras-commits
mailing list