summarylogtreecommitdiffstats
path: root/jasper-1.900.1-fix-filename-buffer-overflow.patch
blob: e95ed9cf23baa7cc61c08f1362d9615a57d55a24 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
Description: Filename buffer overflow fix
 This patch fixes a security hole by a bad buffer size handling.
Author: Roland Stigge <stigge@antcom.de>
Bug-Debian: http://bugs.debian.org/645118

--- a/src/libjasper/include/jasper/jas_stream.h
+++ b/src/libjasper/include/jasper/jas_stream.h
@@ -77,6 +77,7 @@
 #include <jasper/jas_config.h>
 
 #include <stdio.h>
+#include <limits.h>
 #if defined(JAS_HAVE_FCNTL_H)
 #include <fcntl.h>
 #endif
@@ -99,6 +100,12 @@ extern "C" {
 #define O_BINARY	0
 #endif
 
+#ifdef PATH_MAX
+#define JAS_PATH_MAX PATH_MAX
+#else
+#define JAS_PATH_MAX 4096
+#endif
+
 /*
  * Stream open flags.
  */
@@ -251,7 +258,7 @@ typedef struct {
 typedef struct {
 	int fd;
 	int flags;
-	char pathname[L_tmpnam + 1];
+	char pathname[JAS_PATH_MAX + 1];
 } jas_stream_fileobj_t;
 
 #define	JAS_STREAM_FILEOBJ_DELONCLOSE	0x01