Diffstat (limited to 'debian/patches/CVE-2023-42116.patch')
-rw-r--r--debian/patches/CVE-2023-42116.patch26
1 files changed, 26 insertions, 0 deletions
diff --git a/debian/patches/CVE-2023-42116.patch b/debian/patches/CVE-2023-42116.patch
new file mode 100644
index 0000000..cb22cd7
--- /dev/null
+++ b/debian/patches/CVE-2023-42116.patch
@@ -0,0 +1,26 @@
+From: Markus Koschany <apo@debian.org>
+Date: Sun, 1 Oct 2023 10:16:05 +0200
+Subject: CVE-2023-42116
+
+Upstream-Bug: 3000
+
+Originally created by Jeremy Harris.
+---
+ src/auths/auth-spa.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/auths/auth-spa.c b/src/auths/auth-spa.c
+index dea6a89..ae8da9c 100644
+--- a/src/auths/auth-spa.c
++++ b/src/auths/auth-spa.c
+@@ -1223,7 +1223,9 @@ char versionString[] = "libntlm version 0.21";
+
+ #define spa_bytes_add(ptr, header, buf, count) \
+ { \
+-if (buf != NULL && count != 0) /* we hate -Wint-in-bool-contex */ \
++if ( buf && (count) != 0 /* we hate -Wint-in-bool-contex */ \
++ && ptr->bufIndex + count < sizeof(ptr->buffer) \
++ ) \
+ { \
+ SSVAL(&ptr->header.len,0,count); \
+ SSVAL(&ptr->header.maxlen,0,count); \
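Review bot: The new guard in `spa_bytes_add`, `ptr->bufIndex + count < sizeof(ptr->buffer)`, does the bounds check as an addition, so its correctness depends on the types of `bufIndex` and `count`, which are not visible in this hunk. If the sum can wrap, the comparison could pass for a length that does not fit. A subtraction form such as `&& (size_t)(count) < sizeof((ptr)->buffer) - (ptr)->bufIndex` avoids the wrap, provided `bufIndex` never exceeds the buffer size, and it also parenthesizes the macro arguments, which the added lines use bare. The rest of the macro, including whatever runs when the guard fails, lies outside the hunk, so it is worth confirming that the failure path leaves the header fields in a state callers handle rather than silently dropping the bytes.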