diff options
Diffstat (limited to 'sys-power/nut/files/nut-2.6.3-CVE-2012-2944.patch')
-rw-r--r-- | sys-power/nut/files/nut-2.6.3-CVE-2012-2944.patch | 21 |
1 files changed, 0 insertions, 21 deletions
diff --git a/sys-power/nut/files/nut-2.6.3-CVE-2012-2944.patch b/sys-power/nut/files/nut-2.6.3-CVE-2012-2944.patch deleted file mode 100644 index 9debd3b9da3f..000000000000 --- a/sys-power/nut/files/nut-2.6.3-CVE-2012-2944.patch +++ /dev/null @@ -1,21 +0,0 @@ -Origin: http://trac.networkupstools.org/projects/nut/changeset/3633 -Description: Fix CVE-2012-2944: upsd can be remotely crashed - -Index: nut-2.6.3/common/parseconf.c -=================================================================== ---- nut-2.6.3.orig/common/parseconf.c 2011-10-04 02:06:25.000000000 -0500 -+++ nut-2.6.3/common/parseconf.c 2012-05-30 13:29:41.000000000 -0500 -@@ -171,6 +171,13 @@ - - wbuflen = strlen(ctx->wordbuf); - -+ /* CVE-2012-2944: only allow the subset Ascii charset from Space to ~ */ -+ if ((ctx->ch < 0x20) || (ctx->ch > 0x7f)) { -+ fprintf(stderr, "addchar: discarding invalid character (0x%02x)!\n", -+ ctx->ch); -+ return; -+ } -+ - if (ctx->wordlen_limit != 0) { - if (wbuflen >= ctx->wordlen_limit) { - |