
nut-2.6.1-1.1.src.rpm


http://trac.networkupstools.org/projects/nut/changeset/3633

--- common/parseconf.c	2011-05-31 10:36:47.000000000 +0000
+++ common/parseconf.c.oden	2012-06-04 14:42:40.000000000 +0000
@@ -171,6 +171,13 @@ static void addchar(PCONF_CTX_t *ctx)
 
 	wbuflen = strlen(ctx->wordbuf);
 
+	/* CVE-2012-2944: only allow the subset Ascii charset from Space to ~ */
+	if ((ctx->ch < 0x20) || (ctx->ch > 0x7f)) {
+		fprintf(stderr, "addchar: discarding invalid character (0x%02x)!\n",
+				ctx->ch);
+		return;
+	}
+
 	if (ctx->wordlen_limit != 0) {
 		if (wbuflen >= ctx->wordlen_limit) {
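Review bot: The upper bound in the added check, `ctx->ch > 0x7f`, still accepts 0x7f (DEL), although the comment directly above says the allowed range ends at `~` (0x7e); to match the stated intent the condition should read `if ((ctx->ch < 0x20) || (ctx->ch > 0x7e)) {`. The declaration of `ch` is not visible in this hunk; if it is a plain `char` on a signed-char platform, bytes above 0x7f arrive negative, are rejected only by the lower bound, and print sign-extended under `%02x`, so passing `(unsigned char)ctx->ch` to `fprintf` would keep the log readable. The message is also written once per rejected byte, so input containing a long run of such bytes produces one stderr line each; a single report per word or per line would bound that. addchar's body begins before and continues after the hunk.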