summary refs log tree commit diff
path: root/gnu/packages/patches/antiword-CVE-2014-8123.patch
blob: d8d346a63469d594db71577ae3c1d9e8900dc2f8 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
Description: Add check for buffer overflow with malformed input files
 This was later re-found and became CVE-2014-8123. 
Author: <eriks@debian.org>
Bug-Debian: http://bugs.debian.org/407015
Bug-Debian: https://bugs.debian.org/771768
Forwarded: http://seclists.org/oss-sec/2014/q4/870
Last-Update: 2016-01-11

--- antiword-0.37~/wordole.c	2005-08-26 21:49:57.000000000 +0200
+++ antiword-0.37/wordole.c	2009-06-03 22:31:15.948014682 +0200
@@ -259,6 +259,10 @@
 		}
 		tNameSize = (size_t)usGetWord(0x40, aucBytes);
 		tNameSize = (tNameSize + 1) / 2;
+		if ( tNameSize > sizeof(atPPSlist[iIndex].szName)) {
+			werr(0, "Name Size of PPS %d is too large", iIndex);
+			tNameSize = sizeof(atPPSlist[iIndex].szName);
+		}
 		vName2String(atPPSlist[iIndex].szName, aucBytes, tNameSize);
 		atPPSlist[iIndex].ucType = ucGetByte(0x42, aucBytes);
 		if (atPPSlist[iIndex].ucType == 5) {