diff options
author | Mike Frysinger <vapier@gentoo.org> | 2006-06-10 12:49:56 +0000 |
---|---|---|
committer | Mike Frysinger <vapier@gentoo.org> | 2006-06-10 12:49:56 +0000 |
commit | 7f739a4c67f36ec87f3189706154e2c452f36527 (patch) | |
tree | 3b146fea6e80d75352cff26eafe7e98284cb7722 /games-action/0verkill/files | |
parent | Move /lib/cpp creation to pkg_postinst (bug #135862) (diff) | |
download | historical-7f739a4c67f36ec87f3189706154e2c452f36527.tar.gz historical-7f739a4c67f36ec87f3189706154e2c452f36527.tar.bz2 historical-7f739a4c67f36ec87f3189706154e2c452f36527.zip |
Fix remote crash #136222.
Package-Manager: portage-2.1
Diffstat (limited to 'games-action/0verkill/files')
-rw-r--r-- | games-action/0verkill/files/0verkill-0.16-underflow-check.patch | 17 | ||||
-rw-r--r-- | games-action/0verkill/files/digest-0verkill-0.16-r3 | 1 |
2 files changed, 18 insertions, 0 deletions
diff --git a/games-action/0verkill/files/0verkill-0.16-underflow-check.patch b/games-action/0verkill/files/0verkill-0.16-underflow-check.patch new file mode 100644 index 000000000000..d0af396deafd --- /dev/null +++ b/games-action/0verkill/files/0verkill-0.16-underflow-check.patch @@ -0,0 +1,17 @@ +The vulnerability is cause due to an integer underflow error in "recv_packet()" +within the handling of a received UDP packet. This can be exploited to cause +out-of-bounds memory access which crashes the server process via a UDP packet +that is smaller than 12 bytes in size. + +http://bugs.gentoo.org/136222 + +--- 0verkill-0.16/net.c ++++ 0verkill-0.16/net.c +@@ -84,6 +84,7 @@ + p=mem_alloc(max_len+12); + if (!p)return -1; /* not enough memory */ + retval=recvfrom(fd,p,max_len+12,0,addr,addr_len); ++ if (retval<12)return -1; /* not enough data from network */ + memcpy(packet,p+12,max_len); + crc=p[0]+(p[1]<<8)+(p[2]<<16)+(p[3]<<24); + s=p[4]+(p[5]<<8)+(p[6]<<16)+(p[7]<<24); diff --git a/games-action/0verkill/files/digest-0verkill-0.16-r3 b/games-action/0verkill/files/digest-0verkill-0.16-r3 new file mode 100644 index 000000000000..d7375b8806ba --- /dev/null +++ b/games-action/0verkill/files/digest-0verkill-0.16-r3 @@ -0,0 +1 @@ +MD5 814097fc21a82723a40ec8ae5dd792a7 0verkill-0.16.tgz 276579 |