CVSROOT: /cvs
Module name: src
Changes by: bl...@cvs.openbsd.org 2015/01/05 16:14:36
Modified files:
lib/libevent : buffer.c event.h
Log message:
Fix CVE-2014-6272 in Libevent 1.4 from upstream:
-
https://github.com/libevent/libevent/commit/7b21c4eabf1f3946d3f63cce1319c490caab8ecf
- For this fix, we need to make sure that passing too-large inputs to
the evbuffer functions can't make us do bad things with the heap.
On top of that do:
- Update libevent version to 1.4.15-stable.
- Use SIZE_MAX from limits.h instead of a private define.
- Do not declare 'size_t need' twice to avoid a compiler warning.
OK sthen
