This commit is contained in:
parent
8337d8dde4
commit
e3f2094e13
GPG key ID:
C8D8BE544A27C511
13 changed files with 565 additions and 0 deletions
19
files/openslp-2.0.0-cve-2017-17833.patch
Normal file
19
files/openslp-2.0.0-cve-2017-17833.patch
Normal file
|
|
@ -0,0 +1,19 @@
|
|||
diff -up openslp-2.0.0/slpd/slpd_process.c.orig openslp-2.0.0/slpd/slpd_process.c
|
||||
--- openslp-2.0.0/slpd/slpd_process.c.orig 2018-05-09 13:08:06.185104375 +0200
|
||||
+++ openslp-2.0.0/slpd/slpd_process.c 2018-05-09 13:07:21.017095089 +0200
|
||||
@@ -462,6 +462,15 @@ static int ProcessSrvRqst(SLPMessage * m
|
||||
message->body.srvrqst.srvtype, 23, SLP_DA_SERVICE_TYPE) == 0)
|
||||
{
|
||||
errorcode = ProcessDASrvRqst(message, sendbuf, errorcode);
|
||||
+
|
||||
+ if (result != *sendbuf)
|
||||
+ {
|
||||
+ // The pointer stored at *sendbuf can be modified by a realloc
|
||||
+ // operation in ProcessDASrvRqst(). Fix up the local copy of
|
||||
+ // that pointer if necessary.
|
||||
+ result = *sendbuf;
|
||||
+ }
|
||||
+
|
||||
if (errorcode == 0)
|
||||
{
|
||||
/* Since we have an errorcode of 0, we were successful,
|
||||
Loading…
Add table
Add a link
Reference in a new issue