Fix CVE-2006-5864.

author Carlos Garcia Campos <carlosgc@gnome.org>

Thu, 30 Nov 2006 13:36:33 +0000 (13:36 +0000)

committer Carlos Garcia Campos <carlosgc@src.gnome.org>

Thu, 30 Nov 2006 13:36:33 +0000 (13:36 +0000)
author Carlos Garcia Campos <carlosgc@gnome.org>
Thu, 30 Nov 2006 13:36:33 +0000 (13:36 +0000)
committer Carlos Garcia Campos <carlosgc@src.gnome.org>
Thu, 30 Nov 2006 13:36:33 +0000 (13:36 +0000)
diff --git a/ChangeLog b/ChangeLog

index 40a70066757f654f77ab634df360d831844e7a64..fdfb9e1785e68af721d4738ff68a8522579eb9c7 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2006-11-30  Carlos Garcia Campos  <carlosgc@gnome.org>
+
+       * ps/ps.c: (get_next_text):
+
+       Fix CVE-2006-5864.
+
  2006-11-22  Carlos Garcia Campos  <carlosgc@gnome.org>
  
         * shell/ev-history.c: (ev_history_finalize), (ev_history_class_init):
diff --git a/ps/ps.c b/ps/ps.c

index 30b9e5675acb8a14acdcfa42c75d3cdba3ad00d9..b4b54e05a2f1eba31d382b0c14e8197ea5426c4c 100644 (file)
--- a/ps/ps.c
+++ b/ps/ps.c
@@ -1231,7 +1231,8 @@ get_next_text(line, next_char)
      int level = 0;
      quoted = 1;
      line++;
-    while(*line && !(*line == ')' && level == 0)) {
+    while(*line && !(*line == ')' && level == 0)
+         && (cp - text) < PSLINELENGTH - 1) {
        if(*line == '\\') {
          if(*(line + 1) == 'n') {
            *cp++ = '\n';
@@ -1302,7 +1303,8 @@ get_next_text(line, next_char)
      }
    }
    else {
-    while(*line && !(*line == ' ' || *line == '\t' || *line == '\n'))
+    while(*line && !(*line == ' ' || *line == '\t' || *line == '\n')
+         && (cp - text) < PSLINELENGTH - 1)
        *cp++ = *line++;
    }
    *cp = '\0';
author	Carlos Garcia Campos <carlosgc@gnome.org>
	Thu, 30 Nov 2006 13:36:33 +0000 (13:36 +0000)
committer	Carlos Garcia Campos <carlosgc@src.gnome.org>
	Thu, 30 Nov 2006 13:36:33 +0000 (13:36 +0000)
ChangeLog		patch \| blob \| history
ps/ps.c		patch \| blob \| history