[people/teissler/ipfire-2.x.git] / src / patches / nasm-0.98.39-security_fix-1.patch

Submitted By: Ken Moffat <ken@kenmoffat.uklinux.net>
Date: 2005-08-08
Initial Package Version: 0.98.39
Upstream Status: From upstream cvs
Origin: Extracted by Ken Moffat
Description:  This is Jindrich Novy's patch to fix another buffer overrun
in nasm, CAN-2005-1194 (users who can be persuaded to assemble and run a
malicious source file can have arbitrary code executed via a buffer
overflow).

--- nasm-0.98.39/output/outieee.c.orig	2005-01-15 22:16:08.000000000 +0000
+++ nasm-0.98.39/output/outieee.c	2005-08-08 22:12:46.000000000 +0100
@@ -1120,7 +1120,7 @@
     va_list ap;
 
     va_start(ap, format);
-    vsprintf(buffer, format, ap);
+    vsnprintf(buffer, sizeof(buffer), format, ap);
     l = strlen(buffer);
     for (i = 0; i < l; i++)
         if ((buffer[i] & 0xff) > 31)
Commit	Line	Data
fd3e7da0 MT	1	Submitted By: Ken Moffat <ken@kenmoffat.uklinux.net>
	2	Date: 2005-08-08
	3	Initial Package Version: 0.98.39
	4	Upstream Status: From upstream cvs
	5	Origin: Extracted by Ken Moffat
	6	Description: This is Jindrich Novy's patch to fix another buffer overrun
	7	in nasm, CAN-2005-1194 (users who can be persuaded to assemble and run a
	8	malicious source file can have arbitrary code executed via a buffer
	9	overflow).
	10
	11	--- nasm-0.98.39/output/outieee.c.orig 2005-01-15 22:16:08.000000000 +0000
	12	+++ nasm-0.98.39/output/outieee.c 2005-08-08 22:12:46.000000000 +0100
	13	@@ -1120,7 +1120,7 @@
	14	va_list ap;
	15
	16	va_start(ap, format);
	17	- vsprintf(buffer, format, ap);
	18	+ vsnprintf(buffer, sizeof(buffer), format, ap);
	19	l = strlen(buffer);
	20	for (i = 0; i < l; i++)
	21	if ((buffer[i] & 0xff) > 31)