blob: e95ed9cf23baa7cc61c08f1362d9615a57d55a24 (
plain)
1 Description: Filename buffer overflow fix
2 This patch fixes a security hole by a bad buffer size handling.
3 Author: Roland Stigge <stigge@antcom.de>
4 Bug-Debian: http://bugs.debian.org/645118
5
6 --- a/src/libjasper/include/jasper/jas_stream.h
7 +++ b/src/libjasper/include/jasper/jas_stream.h
8 @@ -77,6 +77,7 @@
9 #include <jasper/jas_config.h>
10
11 #include <stdio.h>
12 +#include <limits.h>
13 #if defined(JAS_HAVE_FCNTL_H)
14 #include <fcntl.h>
15 #endif
16 @@ -99,6 +100,12 @@ extern "C" {
17 #define O_BINARY 0
18 #endif
19
20 +#ifdef PATH_MAX
21 +#define JAS_PATH_MAX PATH_MAX
22 +#else
23 +#define JAS_PATH_MAX 4096
24 +#endif
25 +
26 /*
27 * Stream open flags.
28 */
29 @@ -251,7 +258,7 @@ typedef struct {
30 typedef struct {
31 int fd;
32 int flags;
33 - char pathname[L_tmpnam + 1];
34 + char pathname[JAS_PATH_MAX + 1];
35 } jas_stream_fileobj_t;
36
37 #define JAS_STREAM_FILEOBJ_DELONCLOSE 0x01
|
