rpms/openoffice.org/FC-5 openoffice.org-2.2.1.ooo77214.rtfprtdata.sw.patch, NONE, 1.1 openoffice.org.spec, 1.687, 1.688

Fri Jun 1 11:16:40 UTC 2007

Author: caolanm

Update of /cvs/dist/rpms/openoffice.org/FC-5
In directory cvs.devel.redhat.com:/tmp/cvs-serv1710

Modified Files:
	openoffice.org.spec 
Added Files:
	openoffice.org-2.2.1.ooo77214.rtfprtdata.sw.patch 
Log Message:
openoffice.org-2.2.1.ooo77214.rtfprtdata.sw.patch

openoffice.org-2.2.1.ooo77214.rtfprtdata.sw.patch:
 source/filter/rtf/swparrtf.cxx    |    0 
 sw/source/filter/rtf/swparrtf.cxx |   25 ++++++-------------------
 2 files changed, 6 insertions(+), 19 deletions(-)

--- NEW FILE openoffice.org-2.2.1.ooo77214.rtfprtdata.sw.patch ---
Index: source/filter/rtf/swparrtf.cxx
===================================================================
RCS file: /cvs/sw/sw/source/filter/rtf/swparrtf.cxx,v
retrieving revision 1.64.36.1
diff -u -r1.64.36.1 swparrtf.cxx
--- openoffice.org.orig/sw/source/filter/rtf/swparrtf.cxx	1 Feb 2007 18:23:13 -0000	1.64.36.1
+++ openoffice.org/sw/source/filter/rtf/swparrtf.cxx	7 Apr 2007 11:03:07 -0000
@@ -3684,25 +3684,12 @@
 
 void SwRTFParser::ReadPrtData()
 {
-	// der Eingabe Stream steht auf der aktuellen Position
-	USHORT nLen = USHORT( nTokenValue ), nCnt = 0;
-	BYTE * pData = new BYTE[ nLen ];
-
-	while( IsParserWorking() ) 			// lese bis zur schliessenden Klammer
-	{
-		int nToken = GetNextToken();
-		if( RTF_TEXTTOKEN == nToken )
-		{
-			xub_StrLen nTknLen = HexToBin( aToken );
-			if( STRING_NOTFOUND != nTknLen )
-			{
-				memcpy( pData + nCnt, (sal_Char*)aToken.GetBuffer(), nTknLen );
-				nCnt += nTknLen;
-			}
-		}
-		else if( '}' == nToken )
-			break;
-	}
+	while( IsParserWorking() )
+    {
+        int nToken = GetNextToken();
+        if( (RTF_TEXTTOKEN != nToken) && ('}' == nToken) )
+            break;
+    }
 
     SkipToken( -1 );        // schliessende Klammer wieder zurueck!!
 }



Index: openoffice.org.spec
===================================================================
RCS file: /cvs/dist/rpms/openoffice.org/FC-5/openoffice.org.spec,v
retrieving revision 1.687
retrieving revision 1.688
diff -u -r1.687 -r1.688
--- openoffice.org.spec	20 Feb 2007 14:23:33 -0000	1.687
+++ openoffice.org.spec	1 Jun 2007 11:16:38 -0000	1.688
@@ -1,6 +1,6 @@
 %define oootag OOB680
 %define ooomilestone 5
-%define rh_rpm_release 21
+%define rh_rpm_release 22
 
 %define build_fc5 1
 
@@ -190,6 +190,7 @@
 Patch62: openoffice.org-2.2.0.rh228008.escape.shell.patch
 Patch63: openoffice.org-2.2.0.rh226966.scoverflow.sc.patch
 Patch64: openoffice.org-2.0.4.ooo71039.svx.purevirtual.patch
+Patch65: openoffice.org-2.2.1.ooo77214.rtfprtdata.sw.patch
 
 %define instdir %{_libdir}/openoffice.org2.0
 
@@ -863,6 +864,7 @@
 %patch62 -p1 -b .rh228008.escape.shell.patch
 %patch63 -p1 -b .rh226966.scoverflow.sc.patch
 %patch64 -p1 -b .ooo71039.svx.purevirtual.patch
+%patch65 -p1 -b .ooo77214.rtfprtdata.sw.patch
 
 %if %{includingexternals}
 #start ludicrous workaround
@@ -3308,6 +3310,9 @@
 %{instdir}/share/registry/modules/org/openoffice/Office/Scripting/Scripting-python.xcu
 
 %changelog
+* Fri Jun 01 2007 Caolan McNamara <caolanm at redhat.com> - 1:2.0.2-5.22
+- Resolves: CVE-2007-0245 ooo#77214 rtf prtdata
+
 * Tue Feb 20 2007 Caolan McNamara <caolanm at redhat.com> - 1:2.0.2-5.21
 - Resolves: CVE-2007-0239 rhbz#228008 shell escape
 - Resolves: CVE-2007-0238 rhbz#226966 buffer overflows


