author | Graham Christensen <graham@grahamc.com> | 2017-01-25 07:23:49 -0500 |
---|---|---|
committer | Graham Christensen <graham@grahamc.com> | 2017-01-25 07:24:19 -0500 |
commit | 04ae7febc80a165765a9035234e962289a4f6d14 (patch) | |
tree | 4b485ab87f341af43d2403ff496e8e1328c99d98 /pkgs/applications/version-management/cvs/CVE-2012-0804.patch | |
parent | 87a3ee0c4055f23952d74f8a3b6573d6218016b9 (diff) | |
cvs: patch against CVE-2012-0804 (heap overflow)
Diffstat (limited to 'pkgs/applications/version-management/cvs/CVE-2012-0804.patch')
-rw-r--r-- | pkgs/applications/version-management/cvs/CVE-2012-0804.patch | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/pkgs/applications/version-management/cvs/CVE-2012-0804.patch b/pkgs/applications/version-management/cvs/CVE-2012-0804.patch
new file mode 100644
index 000000000000..cd2b324729fb
--- /dev/null
+++ b/pkgs/applications/version-management/cvs/CVE-2012-0804.patch
@@ -0,0 +1,16 @@
+diff --git a/src/client.c b/src/client.c
+index 751406b..b45d89c 100644
+--- a/src/client.c
++++ b/src/client.c
+@@ -3558,9 +3558,9 @@ connect_to_pserver (cvsroot_t *root, struct buffer **to_server_p,
+ * code.
+ */
+ read_line_via (from_server, to_server, &read_buf);
+- sscanf (read_buf, "%s %d", write_buf, &codenum);
++ count = sscanf (read_buf, "%*s %d", &codenum);
+
+- if ((codenum / 100) != 2)
++ if (count != 1 || (codenum / 100) != 2)
+ error (1, 0, "proxy server %s:%d does not support http tunnelling",
+ root->proxy_hostname, proxy_port_number);
+ free (read_buf); |
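Review bot: The `%d` conversion in the new `sscanf (read_buf, "%*s %d", &codenum)` line still parses a proxy-controlled number with no width limit, and the C standard leaves the result undefined when the digits do not fit in an `int`. An HTTP status code is three digits, so a bounded conversion such as `count = sscanf (read_buf, "%*s %3d", &codenum);` would keep the parse defined for any reply; `strtol` with an `ERANGE` check is the stricter alternative, since it also rejects over-long codes instead of truncating them. `count` is declared outside the hunk, as is the rest of `connect_to_pserver`; if it is an unsigned type, an `EOF` return from `sscanf` is stored as a large value, which the `count != 1` test still rejects, and a one-line comment saying so would help the next reader. The patch file also has no header naming where it was taken from, which makes it harder to check against the upstream fix.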