Author: Martín Ferrari <martin.ferrari@gmail.com>
Description: There are a coupĺe of offbyone errors that lead to buffer overflows
--- a/perliso9660.swg
+++ b/perliso9660.swg
@@ -445,7 +445,7 @@ char * name_translate(const char *psz_ol
%inline %{
char *
name_translate(const char *psz_oldname) {
- char *psz_newname=calloc(sizeof(char), strlen(psz_oldname));
+ char *psz_newname=calloc(sizeof(char), strlen(psz_oldname)+1);
iso9660_name_translate(psz_oldname, psz_newname);
return psz_newname;
}
@@ -470,7 +470,7 @@ char * name_translate_ext(const char *ps
%inline %{
char *
name_translate_ext(const char *psz_oldname, uint8_t i_joliet_level) {
- char *psz_newname=calloc(sizeof(char), strlen(psz_oldname));
+ char *psz_newname=calloc(sizeof(char), strlen(psz_oldname)+1);
iso9660_name_translate_ext(psz_oldname, psz_newname, i_joliet_level);
return psz_newname;
}
distrib
>
Mandriva
>
2010.1
>
x86_64
>
media
>
contrib-release-src
>
by-pkgid
>
c816f94b0aa87f6b90d6deb743283897
>
files
>
5
