[pkg-remote-commits] [xrdp] 01/02: Fix regression introduced by last upload.
Dominik George
natureshadow-guest at moszumanska.debian.org
Wed Dec 20 18:57:33 UTC 2017
This is an automated email from the git hooks/post-receive script.
natureshadow-guest pushed a commit to branch master
in repository xrdp.
commit 3f72c8e8226bf6cb6572c6d80e81b9e8699f74c9
Author: Dominik George <nik at naturalnet.de>
Date: Wed Dec 20 19:42:25 2017 +0100
Fix regression introduced by last upload.
---
debian/changelog | 8 ++++++++
debian/patches/cve-2017-16927.patch | 16 ++++++++--------
2 files changed, 16 insertions(+), 8 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index cb9ed85..4ee181e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+xrdp (0.9.4-3) unstable; urgency=high
+
+ * Fix regression introduced by last upload. (Closes: #884702)
+ + Upstream's patch for CVE-2017-16927 turned out to be broken.
+ Thanks to Willem Mulder for reporting.
+
+ -- Dominik George <nik at naturalnet.de> Wed, 20 Dec 2017 19:40:16 +0100
+
xrdp (0.9.4-2) unstable; urgency=high
[ Dominik George ]
diff --git a/debian/patches/cve-2017-16927.patch b/debian/patches/cve-2017-16927.patch
index 9208213..81d133f 100644
--- a/debian/patches/cve-2017-16927.patch
+++ b/debian/patches/cve-2017-16927.patch
@@ -18,7 +18,7 @@ Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882463
/* reading username */
in_uint16_be(c->in_s, sz);
- buf[sz] = '\0';
-+ buf = g_new0(char, sz);
++ buf = g_new0(char, sz + 1);
in_uint8a(c->in_s, buf, sz);
-
+ buf[sz] = '\0';
@@ -34,7 +34,7 @@ Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882463
/* reading password */
in_uint16_be(c->in_s, sz);
- buf[sz] = '\0';
-+ buf = g_new0(char, sz);
++ buf = g_new0(char, sz + 1);
in_uint8a(c->in_s, buf, sz);
-
+ buf[sz] = '\0';
@@ -53,7 +53,7 @@ Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882463
if (sz > 0)
{
-+ buf = g_new0(char, sz);
++ buf = g_new0(char, sz + 1);
in_uint8a(c->in_s, buf, sz);
buf[sz] = '\0';
scp_session_set_domain(session, buf);
@@ -65,7 +65,7 @@ Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882463
if (sz > 0)
{
-+ buf = g_new0(char, sz);
++ buf = g_new0(char, sz + 1);
in_uint8a(c->in_s, buf, sz);
buf[sz] = '\0';
scp_session_set_program(session, buf);
@@ -77,7 +77,7 @@ Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882463
if (sz > 0)
{
-+ buf = g_new0(char, sz);
++ buf = g_new0(char, sz + 1);
in_uint8a(c->in_s, buf, sz);
buf[sz] = '\0';
scp_session_set_directory(session, buf);
@@ -89,7 +89,7 @@ Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882463
if (sz > 0)
{
-+ buf = g_new0(char, sz);
++ buf = g_new0(char, sz + 1);
in_uint8a(c->in_s, buf, sz);
buf[sz] = '\0';
scp_session_set_client_ip(session, buf);
@@ -102,7 +102,7 @@ Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882463
/* reading username */
in_uint16_be(c->in_s, sz);
- buf[sz] = '\0';
-+ buf = g_new0(char, sz);
++ buf = g_new0(char, sz + 1);
in_uint8a(c->in_s, buf, sz);
+ buf[sz] = '\0';
@@ -119,7 +119,7 @@ Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882463
/* reading password */
in_uint16_be(c->in_s, sz);
- buf[sz] = '\0';
-+ buf = g_new0(char, sz);
++ buf = g_new0(char, sz + 1);
in_uint8a(c->in_s, buf, sz);
+ buf[sz] = '\0';
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-remote/xrdp.git
More information about the pkg-remote-commits
mailing list