#! /bin/sh /usr/share/dpatch/dpatch-run
# Description: fix denial of service and possible arbitrary code
# execution via long SNMP response
# Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610960
# Author: Sebastian Krahmer
@DPATCH@
Index: hplip-3.12.4/io/hpmud/pml.c
===================================================================
--- hplip-3.12.4.orig/io/hpmud/pml.c 2012-04-10 18:35:06.000000000 +1000
+++ hplip-3.12.4/io/hpmud/pml.c 2012-05-26 10:21:30.000000000 +1000
@@ -504,6 +504,8 @@
p += 2; /* eat type and length */
}
+ if (dLen > buf_size)
+ dLen = buf_size;
memcpy(buf, p, dLen);
*bytes_read = dLen;
*type = dt;
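Review bot: The clamp added before `memcpy(buf, p, dLen)` bounds dLen only from above, so if dLen and buf_size are signed (their declarations are outside the hunk), a negative value from either still reaches memcpy and is converted to a very large size. Adding `if (dLen < 0) dLen = 0;` ahead of the clamp, or returning an error when `buf_size < 0`, would close that side. The truncation is also silent: `*bytes_read` reports the clamped length, so a caller cannot tell the response was cut; a comment such as `/* response longer than caller's buffer: truncate instead of overflowing buf */` would document the intent. Whether `p + dLen` stays inside the received message is not visible here and is worth checking on the read side as well. The enclosing function begins and ends outside this hunk.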