Diffstat (limited to 'main/antiword/CVE-2014-8123.patch')
-rw-r--r--main/antiword/CVE-2014-8123.patch28
1 files changed, 28 insertions, 0 deletions
diff --git a/main/antiword/CVE-2014-8123.patch b/main/antiword/CVE-2014-8123.patch
new file mode 100644
index 0000000000..48a752bb64
--- /dev/null
+++ b/main/antiword/CVE-2014-8123.patch
@@ -0,0 +1,28 @@
+From a17e48746d7203f91a2c3bb1cdcbe9023c8d37a0 Mon Sep 17 00:00:00 2001
+From: Fabian Keil <fk () fabiankeil de>
+Date: Tue, 25 Nov 2014 18:58:52 +0100
+Subject: [PATCH] bGetPPS(): Prevent overflow of atPPSlist[].szName[]
+
+---
+ wordole.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/wordole.c b/wordole.c
+index 8a95fb9..7797d1f 100644
+--- a/wordole.c
++++ b/wordole.c
+@@ -259,6 +259,11 @@ bGetPPS(FILE *pFile,
+ }
+ tNameSize = (size_t)usGetWord(0x40, aucBytes);
+ tNameSize = (tNameSize + 1) / 2;
++ if (tNameSize >= sizeof(atPPSlist[0].szName)) {
++ werr(0, "PPS %d appears to be invalid.", iIndex);
++ atPPSlist = xfree(atPPSlist);
++ return FALSE;
++ }
+ vName2String(atPPSlist[iIndex].szName, aucBytes, tNameSize);
+ atPPSlist[iIndex].ucType = ucGetByte(0x42, aucBytes);
+ if (atPPSlist[iIndex].ucType == 5) {
+--
+2.1.2
+
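Review bot: The guard added to bGetPPS() in the embedded wordole.c patch, `if (tNameSize >= sizeof(atPPSlist[0].szName))`, has no comment explaining why the comparison is `>=`, and whether that is the right bound depends on how vName2String() terminates the string, which is outside the hunk. I would put a comment above it such as `/* tNameSize is read from the file; reject names that would not fit szName including the NUL */`. The check bounds only the write into szName; the number of bytes vName2String() then reads from aucBytes is presumably safe because the on-disk name field is larger than szName, but that is not visible here and is worth confirming. bGetPPS() starts and ends outside the hunk, so whether anything other than atPPSlist must be released on this early return cannot be judged from these lines.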