ALT Linux Bugzilla
– Attachment 3654 Details for
Bug 20701
CVE-2009-2368 SS5 array index overflow
New bug
|
Search
|
[?]
|
Help
Register
|
Log In
[x]
|
Forgot Password
Login:
[x]
|
EN
|
RU
[patch]
fix CVE-2009-2368
CVE-2009-2368.patch (text/plain), 1.22 KB, created by
Vladimir Lettiev
on 2009-07-09 12:46:31 MSD
(
hide
)
Description:
fix CVE-2009-2368
Filename:
MIME Type:
Creator:
Vladimir Lettiev
Created:
2009-07-09 12:46:31 MSD
Size:
1.22 KB
patch
obsolete
>diff --git a/ss5/modules/mod_socks4/SS5Mod_socks4.c b/ss5/modules/mod_socks4/SS5Mod_socks4.c >index 3151df4..b9cb292 100644 >--- a/ss5/modules/mod_socks4/SS5Mod_socks4.c >+++ b/ss5/modules/mod_socks4/SS5Mod_socks4.c >@@ -44,7 +44,8 @@ S5RetCode RequestParsing(struct _SS5AuthInfo *ai, struct _SS5MethodInfo *mi, str > memcpy(sd->TcpRequest,sd->MethodRequest,sd->MethodBytesReceived); > > ri->Ver=mi->Ver; >- ri->Cmd=(unsigned char)sd->TcpRequest[1]; >+ if( (ri->Cmd=(unsigned char)sd->TcpRequest[1]) > 3 || ri->Cmd < 1) >+ return ERR; > > if( !(unsigned char)sd->TcpRequest[4] && !(unsigned char)sd->TcpRequest[5] && !(unsigned char)sd->TcpRequest[6] && (unsigned char)sd->TcpRequest[7] ) { > /* >diff --git a/ss5/modules/mod_socks5/SS5Mod_socks5.c b/ss5/modules/mod_socks5/SS5Mod_socks5.c >index 402cd64..f3b4d03 100644 >--- a/ss5/modules/mod_socks5/SS5Mod_socks5.c >+++ b/ss5/modules/mod_socks5/SS5Mod_socks5.c >@@ -153,7 +153,8 @@ S5RetCode RequestParsing(struct _SS5ClientInfo *ci, struct _SS5Socks5Data *sd, s > } > > ri->Ver=(unsigned char)sd->TcpRequest[0]; >- ri->Cmd=(unsigned char)sd->TcpRequest[1]; >+ if( (ri->Cmd=(unsigned char)sd->TcpRequest[1]) > 3 || ri->Cmd < 1) >+ return ERR; > > switch( sd->TcpRequest[3] ) { > case IPV4:
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=3654">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 20701
: 3654
