rpms/curl/FC-4 curl-7.13.1-2005-3185.patch, NONE, 1.1 curl.spec, 1.24, 1.25
fedora-cvs-commits at redhat.com
Wed Oct 19 13:43:04 UTC 2005
Author: varekova
Update of /cvs/dist/rpms/curl/FC-4
In directory cvs.devel.redhat.com:/tmp/cvs-serv2539
Modified Files:
curl.spec
Added Files:
curl-7.13.1-2005-3185.patch
Log Message:
- fix bug 170682 - CAN-2005-3185 NTLM buffer overflow
(this change is only in cvs - not build and not create update)
curl-7.13.1-2005-3185.patch:
http_ntlm.c | 7 +++++++
1 files changed, 7 insertions(+)
--- NEW FILE curl-7.13.1-2005-3185.patch ---
--- curl-7.13.1/lib/http_ntlm.c.2005-3185 2005-02-22 13:10:30.000000000 +0100
+++ curl-7.13.1/lib/http_ntlm.c 2005-10-19 15:18:42.165859528 +0200
@@ -534,6 +534,13 @@
size=64;
ntlmbuf[62]=ntlmbuf[63]=0;
+ /* Make sure that the user and domain strings fit in the target buffer
+ before we copy them there. */
+ if(size + userlen + domlen >= sizeof(ntlmbuf)) {
+ failf(conn->data, "user + domain name too big");
+ return CURLE_OUT_OF_MEMORY;
+ }
+
memcpy(&ntlmbuf[size], domain, domlen);
size += domlen;
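Review bot: The new bound check `if(size + userlen + domlen >= sizeof(ntlmbuf))` is only sound if `userlen` and `domlen` are unsigned and at least as wide as `size_t`. Their declarations are not visible in this hunk, so confirm the sum cannot wrap or go negative before the `memcpy(&ntlmbuf[size], domain, domlen)` that follows. The check covers only the user and domain lengths, so if any other variable-length field is copied into `ntlmbuf` later in this function, its length belongs in the same sum. Returning `CURLE_OUT_OF_MEMORY` also reports an oversized-input rejection as an allocation failure; a return code that describes the rejected input would be easier to triage, keeping the `failf` message as it is.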
Index: curl.spec
===================================================================
RCS file: /cvs/dist/rpms/curl/FC-4/curl.spec,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -r1.24 -r1.25
--- curl.spec 3 May 2005 10:57:05 -0000 1.24
+++ curl.spec 19 Oct 2005 13:42:57 -0000 1.25
@@ -1,13 +1,14 @@
Summary: A utility for getting files from remote servers (FTP, HTTP, and others).
Name: curl
Version: 7.13.1
-Release: 3
+Release: 4
License: MIT
Group: Applications/Internet
Source: http://curl.haxx.se/download/%{name}-%{version}.tar.bz2
Patch0: curl-7.12.0-nousr.patch
Patch1: curl-7.10.4-path.patch
Patch2: curl-7.13.1-auth.patch
+Patch3: curl-7.13.1-2005-3185.patch
URL: http://curl.haxx.se/
BuildRoot: %{_tmppath}/%{name}-%{version}-root
BuildRequires: openssl-devel, libtool, pkgconfig, libidn-devel
@@ -38,6 +39,7 @@
%patch0 -p1
%patch1 -p1
%patch2 -p1 -b .auth
+%patch3 -p1 -b .2005-3185
%build
aclocal
@@ -92,6 +94,10 @@
%{_mandir}/man3/*
%changelog
+* Wed Oct 19 2005 Ivana Varekova <varekova at redhat.com> 7.13.1-4
+- fix bug 170682 - CAN-2005-3185 NTLM buffer overflow
+ (this change is only in cvs - not build and not create update)
+
* Tue May 03 2005 Ivana Varekova <varekova at redhat.com> 7.13.1-3
- fix bug 150768 - curl-7.12.3-2 breaks basic authentication
used Daniel Stenberg patch (patch2)
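Review bot: The entry added at the top of `%changelog` records 7.13.1-4 as fixing CAN-2005-3185 while its second line says the change is only in CVS, with no build and no update, so installed systems stay on a release without the `http_ntlm.c` bounds check. Suggest noting in bug 170682 that the fix is unshipped, so the bumped `Release: 4` is not read as a published security update.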