diff options
Diffstat (limited to 'games/openlierox')
| -rw-r--r-- | games/openlierox/Makefile | 2 | ||||
| -rw-r--r-- | games/openlierox/files/patch-CVE-2015-2331 | 18 |
2 files changed, 19 insertions, 1 deletions
diff --git a/games/openlierox/Makefile b/games/openlierox/Makefile index ab8573022afb..689d165517b6 100644 --- a/games/openlierox/Makefile +++ b/games/openlierox/Makefile @@ -3,7 +3,7 @@ PORTNAME= openlierox DISTVERSION= 0.58_rc3 -PORTREVISION= 4 +PORTREVISION= 5 PORTEPOCH= 1 CATEGORIES= games MASTER_SITES= SF/${PORTNAME}/${PORTNAME}/OpenLieroX%20${DISTVERSION:C/_/%20/} diff --git a/games/openlierox/files/patch-CVE-2015-2331 b/games/openlierox/files/patch-CVE-2015-2331 new file mode 100644 index 000000000000..36da2c4f5dc8 --- /dev/null +++ b/games/openlierox/files/patch-CVE-2015-2331 @@ -0,0 +1,18 @@ +From ef8fc4b53d92fbfcd8ef1abbd6f2f5fe2c4a11e5 Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev <stas@php.net> +Date: Tue, 17 Mar 2015 21:59:56 -0700 +Subject: Fix bug #69253 - ZIP Integer Overflow leads to writing past heap boundary + +diff --git a/ext/zip/lib/zip_dirent.c b/ext/zip/lib/zip_dirent.c +index b9dac5c..0090801 100644 +--- libs/libzip/zip_dirent.c ++++ libs/libzip/zip_dirent.c +@@ -101,7 +101,7 @@ _zip_cdir_new(int nentry, struct zip_error *error) + return NULL; + } + +- if ((cd->entry=(struct zip_dirent *)malloc(sizeof(*(cd->entry))*nentry)) ++ if ( nentry > ((size_t)-1)/sizeof(*(cd->entry)) || (cd->entry=(struct zip_dirent *)malloc(sizeof(*(cd->entry))*(size_t)nentry)) + == NULL) { + _zip_error_set(error, ZIP_ER_MEMORY, 0); + free(cd); |