# HG changeset patch # User Deepak Bhole # Date 1343152722 14400 # Node ID 109bec81dd4b04db2e0474cb0dcd5c28b8ed3ff1 # Parent 52f5d2f9758466f5d502bc44c722d4347bd1379c CVE-2012-3422, RH840592: Potential read from an uninitialized memory location Updated NEWS file with entry for CVE-2012-3423 diff -r 52f5d2f97584 -r 109bec81dd4b ChangeLog --- a/ChangeLog Wed Jul 25 16:10:02 2012 -0400 +++ b/ChangeLog Tue Jul 24 13:58:42 2012 -0400 @@ -1,3 +1,13 @@ +2012-07-25 Adam Domurad + + CVE-2012-3422, RH840592: Potential read from an uninitialized + memory location. + * plugin/icedteanp/IcedTeaNPPlugin.cc + (get_cookie_info): Only attempt to perform this operation if there is a + valid plugin instance + (get_proxy_info): Only attempt to perform this operation if there is a + valid plugin instance + 2012-07-25 Adam Domurad Allow passing of plugin tables and browser tables in NP_Initialize that diff -r 52f5d2f97584 -r 109bec81dd4b NEWS --- a/NEWS Wed Jul 25 16:10:02 2012 -0400 +++ b/NEWS Tue Jul 24 13:58:42 2012 -0400 @@ -9,7 +9,10 @@ CVE-XXXX-YYYY: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY New in release 1.1.6 (2012-XX-XX): - * Plugin +* Security Updates + - CVE-2012-3422, RH840592: Potential read from an uninitialized memory location + - CVE-2012-3423, RH841345: Incorrect handling of not 0-terminated strings +* Plugin - PR863: Error passing strings to applet methods in Chromium - PR518: NPString.utf8characters not guaranteed to be nul-terminated diff -r 52f5d2f97584 -r 109bec81dd4b plugin/icedteanp/IcedTeaNPPlugin.cc --- a/plugin/icedteanp/IcedTeaNPPlugin.cc Wed Jul 25 16:10:02 2012 -0400 +++ b/plugin/icedteanp/IcedTeaNPPlugin.cc Tue Jul 24 13:58:42 2012 -0400 
@@ -886,6 +886,11 @@
 NPError
 get_cookie_info(const char* siteAddr, char** cookieString, uint32_t* len)
 {
+ // Only attempt to perform this operation if there is a valid plugin instance
+ if (g_hash_table_size(instance_to_id_map) <= 0)
+ {
+ return NPERR_GENERIC_ERROR;
+ }
 #if MOZILLA_VERSION_COLLAPSED < 1090100
 nsresult rv;
 nsCOMPtr sec_man =
@@ -1306,6 +1311,11 @@
 NPError
 get_proxy_info(const char* siteAddr, char** proxy, uint32_t* len)
 {
+ // Only attempt to perform this operation if there is a valid plugin instance
+ if (g_hash_table_size(instance_to_id_map) <= 0)
+ {
+ return NPERR_GENERIC_ERROR;
+ }
 #if MOZILLA_VERSION_COLLAPSED < 1090100
 nsresult rv;
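Review bot: The new early return in get_cookie_info leaves `*cookieString` and `*len` unwritten, so a caller that does not check the NPError would read whatever those variables held, which is the same class of bug this commit fixes; setting `*cookieString = NULL; *len = 0;` before `return NPERR_GENERIC_ERROR;` makes the failure path defined. The same applies to the guard added to get_proxy_info in the second hunk (`*proxy = NULL; *len = 0;`). The guard only shows the table is non-empty at the moment of the check; the instance lookup it protects is below the hunk, so the comment should say whether instances can be removed between the check and that lookup. Minor: g_hash_table_size() returns an unsigned guint, so `<= 0` can only ever mean `== 0`. Both function bodies continue outside the hunks.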