head 1.3; access; symbols pkgsrc-2013Q2:1.3.0.46 pkgsrc-2013Q2-base:1.3 pkgsrc-2012Q4:1.3.0.44 pkgsrc-2012Q4-base:1.3 pkgsrc-2011Q4:1.3.0.42 pkgsrc-2011Q4-base:1.3 pkgsrc-2011Q2:1.3.0.40 pkgsrc-2011Q2-base:1.3 pkgsrc-2009Q4:1.3.0.38 pkgsrc-2009Q4-base:1.3 pkgsrc-2008Q4:1.3.0.36 pkgsrc-2008Q4-base:1.3 pkgsrc-2008Q3:1.3.0.34 pkgsrc-2008Q3-base:1.3 cube-native-xorg:1.3.0.32 cube-native-xorg-base:1.3 pkgsrc-2008Q2:1.3.0.30 pkgsrc-2008Q2-base:1.3 pkgsrc-2008Q1:1.3.0.28 pkgsrc-2008Q1-base:1.3 pkgsrc-2007Q4:1.3.0.26 pkgsrc-2007Q4-base:1.3 pkgsrc-2007Q3:1.3.0.24 pkgsrc-2007Q3-base:1.3 pkgsrc-2007Q2:1.3.0.22 pkgsrc-2007Q2-base:1.3 pkgsrc-2007Q1:1.3.0.20 pkgsrc-2007Q1-base:1.3 pkgsrc-2006Q4:1.3.0.18 pkgsrc-2006Q4-base:1.3 pkgsrc-2006Q3:1.3.0.16 pkgsrc-2006Q3-base:1.3 pkgsrc-2006Q2:1.3.0.14 pkgsrc-2006Q2-base:1.3 pkgsrc-2006Q1:1.3.0.12 pkgsrc-2006Q1-base:1.3 pkgsrc-2005Q4:1.3.0.10 pkgsrc-2005Q4-base:1.3 pkgsrc-2005Q3:1.3.0.8 pkgsrc-2005Q3-base:1.3 pkgsrc-2005Q2:1.3.0.6 pkgsrc-2005Q2-base:1.3 pkgsrc-2005Q1:1.3.0.4 pkgsrc-2005Q1-base:1.3 pkgsrc-2004Q4:1.3.0.2 pkgsrc-2004Q4-base:1.3; locks; strict; comment @# @; 1.3 date 2004.10.09.14.01.03; author mjl; state dead; branches; next 1.2; 1.2 date 2004.10.09.06.48.39; author mjl; state Exp; branches; next 1.1; 1.1 date 2004.10.08.21.02.54; author mjl; state Exp; branches; next ; desc @@ 1.3 log @Update pwlib to 1.8.2 The development site silently moved away from openh323.org without even a notice on that page. That page still advertises 1.5.2 as the latest version, even though development is alive and kicking and is at 1.8.2 now. Oh well... @ text @$NetBSD: patch-bc,v 1.2 2004/10/09 06:48:39 mjl Exp $ Fix CAN-2004-0097 vulnerability. 
From: %FreeBSD: /repoman/r/pcvs/ports/devel/pwlib/files/patch-src::ptclib::asner.cxx,v 1.1 2004/06/08 06:27:43 sobomax Exp % --- src/ptclib/asnper.cxx 2004/06/03 14:44:43 1.1 +++ src/ptclib/asnper.cxx 2004/06/03 14:50:35 @@@@ -4926,6 +4926,11 @@@@ return -1; value += lower; + + // clamp value to upper limit + if (value > upper) + value = upper; + return 0; } @@@@ -4970,7 +4975,13 @@@@ unsigned base; if (!MultiBitDecode(CountBits(upper - lower + 1), base)) return -1; - return lower + base; // 10.9.4.1 + len = lower + base; // 10.9.4.1 + + // clamp value to upper limit + if (len > upper) + len = upper; + + return len; } if (upper < 65536) // 10.9.3.3 @@@@ -4981,13 +4992,20 @@@@ if (IsAtEnd()) return -1; - if (SingleBitDecode() == 0) - return MultiBitDecode(7, len) ? 0 : -1; // 10.9.3.6 + if (SingleBitDecode() == 0) { + if (!MultiBitDecode(7, len)) // 10.9.3.6 + return -1; // 10.9.3.8 unsupported + } + else if (SingleBitDecode() == 0) { + if (!MultiBitDecode(14, len)) // 10.9.3.7 + return -1; // 10.9.3.8 unsupported + } - if (SingleBitDecode() == 0) - return MultiBitDecode(14, len) ? 0 : -1; // 10.9.3.7 + // clamp value to upper limit + if (len > upper) + len = upper; - return -1; // 10.9.3.8 unsupported + return 0; } @ 1.2 log @Note what the patch does and where it comes from. @ text @d1 1 a1 1 $NetBSD: patch-bc,v 1.1 2004/10/08 21:02:54 mjl Exp $ @ 1.1 log @Update pwlib to 1.5.2 Make this compile with newer gcc versions, and bring in a more recent version of the library. No changelog is available unfortunately. @ text @d1 4 a4 1 $NetBSD$ @
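Review bot: The clamp added in the first hunk (`if (value > upper) value = upper;`) turns an out-of-range constrained value into a valid-looking one and still returns 0, so the caller cannot tell a malformed PER encoding from a well-formed one; the same pattern is applied to `len` in the second and third hunks. For a decoder fed from the network, failing the decode is the safer default: `if (value > upper) return -1;`. If clamping is deliberate, a comment should state why rejecting the input was not chosen. The types of `value` and `lower` are declared outside the hunk; if they are unsigned, `value += lower` can wrap before the comparison and yield a value below `lower` that this check does not catch. The function body starts before the hunk.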
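Review bot: `return len;` in the second hunk hands the decoded length back as the function's status, while every other exit visible in this patch returns -1 for failure and 0 for success (see `return 0;` at the end of the third hunk). Now that `len` is assigned here, the success path should be `return 0;`. Otherwise a caller that compares the result with 0 would treat any non-zero length as an error, and one that tests for a negative result could misread a large length. How callers check the result is not visible in the patch, so this should be confirmed against the call sites. The enclosing function starts before the hunk and continues after it.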
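Review bot: When both prefix bits are 1 (the X.691 10.9.3.8 form that the removed code rejected with `return -1; // 10.9.3.8 unsupported`), the new if/else-if in the third hunk matches neither branch, so `len` is not written here and the function still reaches `return 0;`. The caller then gets a success status together with whatever `len` held on entry, limited only by the clamp. A final branch restores the old rejection: `else return -1; // 10.9.3.8 unsupported`. The `// 10.9.3.8 unsupported` comments now attached to the two MultiBitDecode failure returns describe a different condition and would read better as `// decode failed`. The function starts before the hunk.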