[Frugalware-darcs] frugalware-0.6: nas-1.8-2terminus1-i686
voroskoi
voroskoi at frugalware.org
Wed Mar 28 12:14:18 CEST 2007
Darcsweb-Url: http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=frugalware-0.6;a=darcs_commitdiff;h=20070328101251-dd049-ddb6384715e26dbe7ab1dbc35638b0285650a733.gz;
[nas-1.8-2terminus1-i686
voroskoi <voroskoi at frugalware.org>**20070328101251
secfix relbump, closes #1843
] {
addfile ./source/xmultimedia/nas/50_server_dos_fixes.dpatch.diff
hunk ./source/xmultimedia/nas/50_server_dos_fixes.dpatch.diff 1
+diff -urNad nas-1.8~/server/dia/audispatch.c nas-1.8/server/dia/audispatch.c
+--- nas-1.8~/server/dia/audispatch.c 1999-09-04 19:43:11.000000000 -0700
++++ nas-1.8/server/dia/audispatch.c 2007-03-22 12:09:39.984329127 -0700
+@@ -592,8 +592,9 @@
+
+ #define FREE_FLOW_ERROR(e, v) \
+ { \
++ CARD8 val = (v); \
+ AuFreeFlowElements(flow); \
+- AU_ERROR(e, v); \
++ AU_ERROR(e, val); \
+ }
+
+ int
+@@ -621,6 +622,13 @@
+
+ /* compute length of variable data and do some error checking */
+ for (i = varLen = numActions = 0; i < stuff->numElements; i++, el++)
++ {
++ if (el >= ((auElement *)&stuff[1] +
++ ((stuff->length << 2) - sizeof(auSetElementsReq))) )
++ {
++ AU_ERROR(AuBadLength, 0);
++ }
++
+ switch (el->type)
+ {
+ case AuElementTypeImportClient:
+@@ -659,6 +667,7 @@
+ default:
+ AU_ERROR(AuBadElement, el->type);
+ }
++ }
+
+ /* size of element list */
+ len = (stuff->length << 2) - sizeof(auSetElementsReq);
+diff -urNad nas-1.8~/server/dia/auutil.c nas-1.8/server/dia/auutil.c
+--- nas-1.8~/server/dia/auutil.c 2005-11-02 19:06:14.000000000 -0800
++++ nas-1.8/server/dia/auutil.c 2007-03-22 12:07:36.065918713 -0700
+@@ -240,6 +240,13 @@
+ dataSize = numSamples * sizeofFormat(format) * numTracks;
+ minibufSize = auNativeBytesPerSample * auMinibufSamples * numTracks;
+
++ /* check for a possible integer overflow first, before possibly
++ allocating a much smaller buffer than is really required. */
++ if (dataSize > (PAD4(sizeof(ComponentRec)) +
++ PAD4(dataSize) +
++ PAD4(minibufSize) * 2))
++ return NULL;
++
+ /* the minibuf needs to be twice as large for output range checking */
+ if (!(port = (ComponentPtr) aualloc(PAD4(sizeof(ComponentRec)) +
+ PAD4(dataSize) +
+@@ -714,6 +721,10 @@
+
+ /* compile the inputs for this output */
+ inputCnt = 0;
++
++ if (output->firstInput > flow->numElements)
++ return AuBadElement;
++
+ status = compileInputs(client, flow->elements, output,
+ output->firstInput,
+ AuFixedPointFromSum(1, 0),
+diff -urNad nas-1.8~/server/dia/resource.c nas-1.8/server/dia/resource.c
+--- nas-1.8~/server/dia/resource.c 1999-05-08 11:47:38.000000000 -0700
++++ nas-1.8/server/dia/resource.c 2007-03-22 12:10:45.863737087 -0700
+@@ -303,9 +303,9 @@
+ rrec = &clientTable[client];
+ if (!rrec->buckets)
+ {
+- ErrorF("AddResource(%x, %x, %x), client=%d \n",
++ ErrorF("AddResource(%x, %x, %x), client=%d (client not in use)\n",
+ id, type, (unsigned long)value, client);
+- FatalError("client not in use\n");
++ return FALSE;
+ }
+ if ((rrec->elements >= 4*rrec->buckets) &&
+ (rrec->hashsize < MAXHASHSIZE))
+diff -urNad nas-1.8~/server/os/connection.c nas-1.8/server/os/connection.c
+--- nas-1.8~/server/os/connection.c 2005-04-07 12:08:14.000000000 -0700
++++ nas-1.8/server/os/connection.c 2007-03-22 12:04:26.620118307 -0700
+@@ -899,13 +899,15 @@
+ }
+ #endif /* SVR4 */
+
++#define _MAX_SLAVENM (256)
++
+ static int
+ accept_att_local()
+ {
+ int newconn;
+ int read_in;
+- char length;
+- char path[64];
++ unsigned char length;
++ char path[_MAX_SLAVENM];
+
+ /*
+ * first get device-name
+@@ -915,6 +917,9 @@
+ return(-1);
+ }
+
++ if (length >= _MAX_SLAVENM)
++ length = _MAX_SLAVENM - 1;
++
+ if( (read_in = read(ptsFd, path, length)) <= 0 ) {
+ Error("audio server: Can't read slave name from USL client connection");
+ return(-1);
+@@ -1506,7 +1511,7 @@
+ (struct sockaddr *) NULL,
+ (socklen_t *)NULL)) < 0)
+ continue;
+- if (newconn > lastfdesc)
++ if (newconn >= lastfdesc -1)
+ {
+ ErrorConnMax(newconn);
+ close(newconn);
+@@ -1596,6 +1601,7 @@
+ char byteOrder = 0;
+ int whichbyte = 1;
+ struct timeval waittime;
++ int rv = 0;
+ #ifndef _MINIX
+ long mask[mskcnt];
+ #endif /* !_MINIX */
+@@ -1608,12 +1614,16 @@
+ CLEARBITS(mask);
+ BITSET(mask, fd);
+ #ifdef hpux
+- (void)select(fd + 1, (int *) mask, (int *) NULL, (int *) NULL,
++ rv = select(fd + 1, (int *) mask, (int *) NULL, (int *) NULL,
+ &waittime);
+ #else
+- (void)select(fd + 1, (fd_set *) mask, (fd_set *) NULL, (fd_set *) NULL,
++ rv = select(fd + 1, (fd_set *) mask, (fd_set *) NULL, (fd_set *) NULL,
+ &waittime);
+ #endif
++
++ if (rv == 0)
++ return;
++
+ /* try to read the byte-order of the connection */
+ (void)read(fd, &byteOrder, 1);
+ #else
hunk ./source/xmultimedia/nas/FrugalBuild 6
-pkgrel=1
+pkgrel=2terminus1
hunk ./source/xmultimedia/nas/FrugalBuild 16
-source=(http://nas.codebrilliance.com/$pkgname/$pkgname-$pkgver.src.tar.gz nasd rc.nasd rc.nasd-hu.po)
-sha1sums=('6752861196f0b11db93572d935dc87bc6c0da348' \
- 'd2a8b9dff4487aace614fe2f35b297a1f3471dd3' \
- '39ba094543791d2b681bc288276f2d1cab28df87' \
- '13c0604884801eb1a0a44059924eb9476e121a78')
+source=(http://nas.codebrilliance.com/$pkgname/$pkgname-$pkgver.src.tar.gz nasd rc.nasd rc.nasd-hu.po 50_server_dos_fixes.dpatch.diff)
hunk ./source/xmultimedia/nas/FrugalBuild 21
+ Fpatchall
hunk ./source/xmultimedia/nas/FrugalBuild 35
-
-# optimization OK
+sha1sums=('6752861196f0b11db93572d935dc87bc6c0da348'\
+ 'd2a8b9dff4487aace614fe2f35b297a1f3471dd3'\
+ '39ba094543791d2b681bc288276f2d1cab28df87'\
+ '13c0604884801eb1a0a44059924eb9476e121a78'\
+ '410cbd1017328be8abe44e599d3ffb15057120b7')
}
More information about the Frugalware-darcs
mailing list