jasper/repos/extra-x86_64/jasper-1.900.1-fix-filename-buffer-overflow.patch

   1 Description: Filename buffer overflow fix
   2  This patch fixes a security hole by a bad buffer size handling.
   3 Author: Roland Stigge <stigge@antcom.de>
   4 Bug-Debian: http://bugs.debian.org/645118
   5
   6 --- a/src/libjasper/include/jasper/jas_stream.h
   7 +++ b/src/libjasper/include/jasper/jas_stream.h
   8 @@ -77,6 +77,7 @@
   9  #include <jasper/jas_config.h>
  10
  11  #include <stdio.h>
  12 +#include <limits.h>
  13  #if defined(JAS_HAVE_FCNTL_H)
  14  #include <fcntl.h>
  15  #endif
  16 @@ -99,6 +100,12 @@ extern "C" {
  17  #define O_BINARY       0
  18  #endif
  19
  20 +#ifdef PATH_MAX
  21 +#define JAS_PATH_MAX PATH_MAX
  22 +#else
  23 +#define JAS_PATH_MAX 4096
  24 +#endif
  25 +
  26  /*
  27   * Stream open flags.
  28   */
  29 @@ -251,7 +258,7 @@ typedef struct {
  30  typedef struct {
  31         int fd;
  32         int flags;
  33 -       char pathname[L_tmpnam + 1];
  34 +       char pathname[JAS_PATH_MAX + 1];
  35  } jas_stream_fileobj_t;
  36
  37  #define        JAS_STREAM_FILEOBJ_DELONCLOSE   0x01