fix for xpdf makeFileKey2 stack overflow, #78620

author: Carsten Lohrke <carlo@gentoo.org> 2005-01-19 12:41:55 +0000
committer: Carsten Lohrke <carlo@gentoo.org> 2005-01-19 12:41:55 +0000
commit: cd706f380bab827c5855d6296dc148b758a62384 (patch)
tree: 99dd0dcbdc78aafb955e5dd616056f66d85f9d12 /app-office/koffice/files
parent: *really* remove old ebuild digests (diff)
download: gentoo-2-cd706f380bab827c5855d6296dc148b758a62384.tar.gz
gentoo-2-cd706f380bab827c5855d6296dc148b758a62384.tar.bz2
gentoo-2-cd706f380bab827c5855d6296dc148b758a62384.zip
2 files changed, 32 insertions, 0 deletions
diff --git a/app-office/koffice/files/CAN-2005-0064.patch b/app-office/koffice/files/CAN-2005-0064.patch
new file mode 100644
index 000000000000..e50d23259f6c
--- /dev/null
+++ b/app-office/koffice/files/CAN-2005-0064.patch
@@ -0,0 +1,31 @@
+--- filters/kword/pdf/xpdf/xpdf/Decrypt.cc.jn	2002-12-06 00:44:32.000000000 +0100
++++ filters/kword/pdf/xpdf/xpdf/Decrypt.cc	2005-01-14 13:38:48.192647128 +0100
+@@ -132,13 +132,19 @@ GBool Decrypt::makeFileKey2(int encVersi
+   Guchar *buf;
+   Guchar test[32];
+   Guchar fState[256];
+-  Guchar tmpKey[16];
++  Guchar *tmpKey;
+   Guchar fx, fy;
+   int len, i, j;
+   GBool ok;
+ 
++  // check whether we have non-zero keyLength
++  if ( !keyLength ) {
++    return gFalse;
++  }
++  
+   // generate file key
+   buf = (Guchar *)gmalloc(68 + fileID->getLength());
++  tmpKey = (Guchar *)gmalloc(keyLength * sizeof(Guchar));
+   if (userPassword) {
+     len = userPassword->getLength();
+     if (len < 32) {
+@@ -191,6 +197,7 @@ GBool Decrypt::makeFileKey2(int encVersi
+     ok = gFalse;
+   }
+ 
++  gfree(tmpKey);
+   gfree(buf);
+   return ok;
+ }
diff --git a/app-office/koffice/files/digest-koffice-1.3.5-r2 b/app-office/koffice/files/digest-koffice-1.3.5-r2
new file mode 100644
index 000000000000..4835c6338154
--- /dev/null
+++ b/app-office/koffice/files/digest-koffice-1.3.5-r2
@@ -0,0 +1 @@
+MD5 dbc7e76c86647709a3e74f57c0fcf7f5 koffice-1.3.5.tar.bz2 10778584
author	Carsten Lohrke <carlo@gentoo.org>	2005-01-19 12:41:55 +0000
committer	Carsten Lohrke <carlo@gentoo.org>	2005-01-19 12:41:55 +0000
commit	cd706f380bab827c5855d6296dc148b758a62384 (patch)
tree	99dd0dcbdc78aafb955e5dd616056f66d85f9d12 /app-office/koffice/files
parent	really remove old ebuild digests (diff)
download	gentoo-2-cd706f380bab827c5855d6296dc148b758a62384.tar.gz gentoo-2-cd706f380bab827c5855d6296dc148b758a62384.tar.bz2 gentoo-2-cd706f380bab827c5855d6296dc148b758a62384.zip