Bugzilla – Attachment 45841 Details for
Bug 85842
VUL-0: CVE-2006-5639: AUDIT-0: OpenWBEM
[patch]
patch for buffer overflow vulnerabilities
openwbem.security.patch (text/plain), 2.22 KB, created by
Bart Whiteley
on 2005-08-11 22:33:34 UTC
Description:
patch for buffer overflow vulnerabilities
Filename:
MIME Type:
Creator:
Bart Whiteley
Created:
2005-08-11 22:33:34 UTC
Size:
2.22 KB
>Index: src/http/client/OW_HTTPClient.cpp
>===================================================================
>RCS file: /cvsroot/openwbem/openwbem/src/http/client/OW_HTTPClient.cpp,v
>retrieving revision 1.85
>diff -u -r1.85 OW_HTTPClient.cpp
>--- src/http/client/OW_HTTPClient.cpp 10 Aug 2005 17:10:38 -0000 1.85
>+++ src/http/client/OW_HTTPClient.cpp 11 Aug 2005 22:19:22 -0000
>@@ -922,8 +922,12 @@
> }
> else if (headerHasKey("Content-Length"))
> {
>- rval = new HTTPLenLimitIStream(m_istr,
>- getHeaderValue("Content-Length").toInt32());
>+ Int64 clen = getHeaderValue("Content-Length").toInt64();
>+ if (clen < 0)
>+ {
>+ OW_THROW(HTTPException, "Invalid Content-Length");
>+ }
>+ rval = new HTTPLenLimitIStream(m_istr,clen);
> }
> if (getHeaderValue("Content-Encoding").equalsIgnoreCase("deflate"))
> {
>Index: src/http/common/OW_HTTPChunkedIStream.cpp
>===================================================================
>RCS file: /cvsroot/openwbem/openwbem/src/http/common/OW_HTTPChunkedIStream.cpp,v
>retrieving revision 1.20
>diff -u -r1.20 OW_HTTPChunkedIStream.cpp
>--- src/http/common/OW_HTTPChunkedIStream.cpp 3 Feb 2005 00:52:49 -0000 1.20
>+++ src/http/common/OW_HTTPChunkedIStream.cpp 11 Aug 2005 22:19:22 -0000
>@@ -71,7 +71,7 @@
> if (m_inLen == -1)
> {
> m_istr >> std::hex >> m_inLen >> std::dec;
>- if (m_istr.fail() || m_istr.bad())
>+ if (m_istr.fail() || m_istr.bad() || m_inLen < 0)
> {
> return -1;
> }
>Index: src/http/common/OW_HTTPLenLimitIStream.cpp
>===================================================================
>RCS file: /cvsroot/openwbem/openwbem/src/http/common/OW_HTTPLenLimitIStream.cpp,v
>retrieving revision 1.12
>diff -u -r1.12 OW_HTTPLenLimitIStream.cpp
>--- src/http/common/OW_HTTPLenLimitIStream.cpp 3 Feb 2005 00:52:49 -0000 1.12
>+++ src/http/common/OW_HTTPLenLimitIStream.cpp 11 Aug 2005 22:19:22 -0000
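Review bot: The new check in the `Content-Length` branch of OW_HTTPClient.cpp rejects only negative values, so a length that fits in `Int64` but not in the type `HTTPLenLimitIStream` stores is still passed through at `new HTTPLenLimitIStream(m_istr,clen)`. The constructor's parameter and member types are not part of this patch; if they are still 32-bit, the value narrows at the call and can come out negative again, which is the case the OW_HTTPLenLimitIStream.cpp hunk then has to catch. Either confirm the stream class holds a 64-bit length or bound the value here, for example `if (clen < 0 || clen > 0x7FFFFFFF)`. How `toInt64()` reports a non-numeric header is not visible either and deserves a one-line comment next to the call. The enclosing function starts and ends outside the hunk.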
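Review bot: When the chunk-size check in OW_HTTPChunkedIStream.cpp fails on `m_inLen < 0`, the function returns -1 but leaves the negative value in `m_inLen`, so a later call would skip the `if (m_inLen == -1)` branch and reach the code below the hunk with a negative length still stored. That code is not visible here and the stream state may already prevent a second call, but making the rejection final before `return -1;`, for instance with `m_istr.setstate(std::ios::failbit);`, removes the dependency on the caller. Separately, `m_istr.fail()` is already true whenever badbit is set, so `m_istr.bad()` adds nothing to the condition. The enclosing function starts and ends outside the hunk.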
>@@ -62,6 +62,13 @@
> }
> // min of n and (length - pos)
> int tmpInLen = (n < (m_length - m_pos)) ? n : (m_length - m_pos);
>+ if (tmpInLen > n)
>+ {
>+ // This shouldn't happen, but it could if m_length were
>+ // negative (32bit vs. 64bit problem). Check it here to
>+ // prevent the possibility of a buffer overflow.
>+ return -1;
>+ }
> m_istr.read(c, tmpInLen);
> int lastRead = m_istr.gcount();
> m_pos += lastRead;
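Review bot: The added guard `if (tmpInLen > n)` catches only a result that is too large; a negative `tmpInLen` passes it and is handed to `m_istr.read(c, tmpInLen)`. When `m_length - m_pos` is negative, `n < (m_length - m_pos)` is false for any non-negative `n`, so the ternary picks the negative difference, and the narrowing to `int` decides whether that shows up as a large positive count or a negative one. The check should cover both sides: `if (tmpInLen < 0 || tmpInLen > n)`. The types of `m_length` and `m_pos` and the start of the function are outside the hunk, so this is inferred from the comment's own description of the 32-bit/64-bit mismatch.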