Here is the fix for this DoS, from upstream git:
Author: Kevin Smith <kism...@aegeus.local>
Date: Wed Dec 17 17:38:39 2008 +0000
Justin's fix for DOS vulnerability in file transfer code
diff --git a/cutestuff/network/socks.cpp b/cutestuff/network/socks.cpp
index 31d728d..91e7e19 100644
--- a/cutestuff/network/socks.cpp
+++ b/cutestuff/network/socks.cpp
@@ -261,7 +261,8 @@ static int spc_get_version(QByteArray *from, SPCS_VERSION
*s)
return -1;
if(from->size() < 2)
return 0;
- int num = from->at(1);
+ unsigned char mlen = from->at(1);
+ int num = mlen;
if(num > 16) // who the heck has over 16 auth methods??
return -1;
if(from->size() < 2 + num)
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
