Opened 15 years ago
Closed 15 years ago
Fix for high level CA_PMT handler code (SIGSEGV due to buffer overflow)
cHlCiHandler::SetCaPmt? does not test CaPmt?.length > 256. This will cause a SIGSEGV due to memory overwrite at
memcpy(&msg.msg[4], CaPmt?.capmt, CaPmt?.length);
as struct ca_msg msg msg.msg is defined in the kernel as msg[256].
Attachments (1)
-
dvbci.patch (655 bytes) - added by anonymous 15 years ago.
Download all attachments as: .zip
Change History (9)
Changed 15 years ago by anonymous
Status: |
new →
infoneeded_new
|
Milestone: |
unknown →
0.22
|
Version: |
unknown →
head
|
Status: |
infoneeded_new →
new
|
Owner: |
changed from Isaac Richards to danielk
|
Status: |
new →
assigned
|
Resolution: |
→ fixed
|
Status: |
assigned →
closed
|
Resolution: |
fixed
|
Status: |
closed →
new
|
Resolution: |
→ fixed
|
Status: |
new →
closed
|
Can you adjust this patch so it uses appropriate VERBOSE macros, please?