miniupnpc: security fix for CVE-2015-6031

This commit is contained in:
Jürgen Buchmüller 2015-10-25 14:58:04 +01:00
parent 270cfddc1e
commit 82f4404c9e
2 changed files with 17 additions and 1 deletions

View File

@ -0,0 +1,16 @@
This patch is equivalent to the original git commit
https://github.com/miniupnp/miniupnp/commit/79cca974a4c2ab1199786732a67ff6d898051b78
The released version with this fix contains a so revbump.
--- igd_desc_parse.c 2011-04-11 11:19:37.000000000 +0200
+++ igd_desc_parse.c 2015-10-25 14:53:40.348424486 +0100
@@ -15,6 +15,8 @@
void IGDstartelt(void * d, const char * name, int l)
{
struct IGDdatas * datas = (struct IGDdatas *)d;
+ if (l >= MINIUPNPC_URL_MAXSIZE)
+ l = MINIUPNPC_URL_MAXSIZE-1;
memcpy( datas->cureltname, name, l);
datas->cureltname[l] = '\0';
datas->level++;

View File

@ -1,7 +1,7 @@
# Template file for 'miniupnpc'
pkgname=miniupnpc
version=1.9
revision=2
revision=3
short_desc="A small UPnP client library/tool to access Internet Gateway Devices"
maintainer="Juan RP <xtraeme@voidlinux.eu>"
homepage="http://miniupnp.free.fr"