r4816 - trunk/patches

dj at linuxfromscratch.org dj at linuxfromscratch.org
Wed Jul 27 22:27:06 PDT 2005


Author: dj
Date: 2005-07-27 23:27:04 -0600 (Wed, 27 Jul 2005)
New Revision: 4816

Modified:
   trunk/patches/OOo_1.1.4-security-1.patch
Log:
Official upstream patch instead

Modified: trunk/patches/OOo_1.1.4-security-1.patch
===================================================================
--- trunk/patches/OOo_1.1.4-security-1.patch	2005-07-28 05:07:11 UTC (rev 4815)
+++ trunk/patches/OOo_1.1.4-security-1.patch	2005-07-28 05:27:04 UTC (rev 4816)
@@ -1,30 +1,21 @@
 Submitted By: DJ Lucas <dj_AT_linuxfromscratch_DOT_org>
 Date: 2005-07-28
 Initial Package Version: 1.1.4
-Origin: CVS
-Description: Fixes overflow condition (see comments below)
+Origin: OOo-1.1.5 (official upstream change)
+Description: Fixes overflow condition - OOo Issue# 46388
 Upstream Status: Accepted
 
 $LastChangedBy$
 $Date$
 
 --- ooo-build-orig/sot/source/sdstor/stgole.cxx	2005-07-27 23:53:22.000000000 -0500
-+++ ooo-build/sot/source/sdstor/stgole.cxx	2005-07-28 00:00:14.000000000 -0500
-@@ -157,7 +157,16 @@
++++ ooo-build/sot/source/sdstor/stgole.cxx	2005-07-28 00:22:34.000000000 -0500
+@@ -156,6 +156,8 @@
+ 		*this >> aClsId;
  		INT32 nLen1 = 0;
  		*this >> nLen1;
++		// the higher bits are ignored
++		nLen1 &= 0xFFFF;
  		sal_Char* p = new sal_Char[ (USHORT) nLen1 ];
--		if( Read( p, nLen1 ) == (ULONG) nLen1 )
-+/*
-+
-+ * This is bad...16 bit value to alocate memory ^^ but 32 bits for length if 
-+
-+		if( Read( p, nLen1 ) == (ULONG) nLen1 ) 
-+
-+ * So mask the higher bits to avoid overflow attack 
-+
-+*/
-+		if( Read( p, nLen1&0xFFFF ) == (ULONG) (nLen1&0xFFFF) )
+ 		if( Read( p, nLen1 ) == (ULONG) nLen1 )
  		{
- 			aUserName = String( p, gsl_getSystemTextEncoding() );
- /*			// Now we can read the CB format




More information about the blfs-book mailing list