Fix vulnerabilites based on email:

[ISE-TPS-2014-008] Heap Overflow Vulnerability in Haserl 0.9.32
author: Nathan Angelacos <nangel@alpinelinux.org> 2014-06-07 18:28:55 +0000
committer: Nathan Angelacos <nangel@alpinelinux.org> 2014-06-07 18:28:55 +0000
commit: a34ea4fe74eed37c3550cb0ead159c85beba7090 (patch)
tree: c59aa617f8cd48a001a3ab9b9630000947a903d2 /src/sliding_buffer.c
parent: 403ad382e15ddc1d434c69e6d41992c824c22e09 (diff)
download: haserl-a34ea4fe74eed37c3550cb0ead159c85beba7090.tar.bz2
haserl-a34ea4fe74eed37c3550cb0ead159c85beba7090.tar.xz
1 files changed, 6 insertions, 1 deletions
diff --git a/src/sliding_buffer.c b/src/sliding_buffer.c
index f93ebe0..be4ea88 100644
--- a/src/sliding_buffer.c
+++ b/src/sliding_buffer.c
@@ -1,5 +1,5 @@
 /* --------------------------------------------------------------------------
- * Copyright 2003-2011 (inclusive) Nathan Angelacos 
+ * Copyright 2003-2014 (inclusive) Nathan Angelacos 
  *                   (nangel@users.sourceforge.net)
  * 
  *   This file is part of haserl.
@@ -128,6 +128,11 @@ s_buffer_read (sliding_buffer_t * sbuf, char *matchstr)
    */
   pos = 0;
   len = sbuf->bufsize - (int) (sbuf->ptr - sbuf->buf) - strlen (matchstr);
+  /* On a short read or very long matchstr, its possible to force len < 0 - That is bad. */
+  if ( len < 0 ) i
+    {
+      die_with_message ( NULL, NULL, 'Short Read or MIME decode failure' );
+    }
   while (memcmp (matchstr, sbuf->ptr + pos, strlen (matchstr)) && (pos < len))
     {
       pos++;
author	Nathan Angelacos <nangel@alpinelinux.org>	2014-06-07 18:28:55 +0000
committer	Nathan Angelacos <nangel@alpinelinux.org>	2014-06-07 18:28:55 +0000
commit	a34ea4fe74eed37c3550cb0ead159c85beba7090 (patch)
tree	c59aa617f8cd48a001a3ab9b9630000947a903d2 /src/sliding_buffer.c
parent	403ad382e15ddc1d434c69e6d41992c824c22e09 (diff)
download	haserl-a34ea4fe74eed37c3550cb0ead159c85beba7090.tar.bz2 haserl-a34ea4fe74eed37c3550cb0ead159c85beba7090.tar.xz