From a34ea4fe74eed37c3550cb0ead159c85beba7090 Mon Sep 17 00:00:00 2001 From: Nathan Angelacos Date: Sat, 7 Jun 2014 18:28:55 +0000 Subject: Fix vulnerabilites based on email: [ISE-TPS-2014-008] Heap Overflow Vulnerability in Haserl 0.9.32 --- src/sliding_buffer.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'src/sliding_buffer.c') diff --git a/src/sliding_buffer.c b/src/sliding_buffer.c index f93ebe0..be4ea88 100644 --- a/src/sliding_buffer.c +++ b/src/sliding_buffer.c @@ -1,5 +1,5 @@ /* -------------------------------------------------------------------------- - * Copyright 2003-2011 (inclusive) Nathan Angelacos + * Copyright 2003-2014 (inclusive) Nathan Angelacos * (nangel@users.sourceforge.net) * * This file is part of haserl. @@ -128,6 +128,11 @@ s_buffer_read (sliding_buffer_t * sbuf, char *matchstr) */ pos = 0; len = sbuf->bufsize - (int) (sbuf->ptr - sbuf->buf) - strlen (matchstr); + /* On a short read or very long matchstr, its possible to force len < 0 - That is bad. */ + if ( len < 0 ) i + { + die_with_message ( NULL, NULL, 'Short Read or MIME decode failure' ); + } while (memcmp (matchstr, sbuf->ptr + pos, strlen (matchstr)) && (pos < len)) { pos++; -- cgit v1.2.3