libosip2: add upstream security fix

author Peter Korsgaard <peter@korsgaard.com>

Sun, 16 Jul 2017 14:23:09 +0000 (16:23 +0200)

committer Peter Korsgaard <peter@korsgaard.com>

Wed, 19 Jul 2017 18:35:05 +0000 (20:35 +0200)
author Peter Korsgaard <peter@korsgaard.com>
Sun, 16 Jul 2017 14:23:09 +0000 (16:23 +0200)
committer Peter Korsgaard <peter@korsgaard.com>
Wed, 19 Jul 2017 18:35:05 +0000 (20:35 +0200)
diff --git a/package/libosip2/0001-fix-bug-report-sr-109133-Heap-buffer-overflow-in-uti.patch b/package/libosip2/0001-fix-bug-report-sr-109133-Heap-buffer-overflow-in-uti.patch

new file mode 100644 (file)

index 0000000..7f2c2d4
--- /dev/null
+++ b/package/libosip2/0001-fix-bug-report-sr-109133-Heap-buffer-overflow-in-uti.patch
@@ -0,0 +1,30 @@
+From 7e0793e15e21f68337e130c67b031ca38edf055f Mon Sep 17 00:00:00 2001
+From: Aymeric Moizard <amoizard@gmail.com>
+Date: Mon, 5 Sep 2016 15:01:53 +0200
+Subject: [PATCH]  * fix bug report: sr #109133: Heap buffer overflow in
+ utility function *osip_clrncpy*    https://savannah.gnu.org/support/?109133
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ src/osipparser2/osip_port.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/osipparser2/osip_port.c b/src/osipparser2/osip_port.c
+index 0e64147..d8941b0 100644
+--- a/src/osipparser2/osip_port.c
++++ b/src/osipparser2/osip_port.c
+@@ -1291,8 +1291,10 @@ osip_clrncpy (char *dst, const char *src, size_t len)
+       char *p;
+       size_t spaceless_length;
+ 
+-      if (src == NULL)
++      if (src == NULL || len == 0) {
++              *dst = '\0';
+               return NULL;
++      }
+ 
+       /* find the start of relevant text */
+       pbeg = src;
+-- 
+2.11.0
+
author	Peter Korsgaard <peter@korsgaard.com>
	Sun, 16 Jul 2017 14:23:09 +0000 (16:23 +0200)
committer	Peter Korsgaard <peter@korsgaard.com>
	Wed, 19 Jul 2017 18:35:05 +0000 (20:35 +0200)