Mercurial > hg > release > icedtea-web-1.1
changeset 303:109bec81dd4b
CVE-2012-3422, RH840592: Potential read from an uninitialized memory location
Updated NEWS file with entry for CVE-2012-3423
author | Deepak Bhole <dbhole@redhat.com> |
---|---|
date | Tue, 24 Jul 2012 13:58:42 -0400 |
parents | 52f5d2f97584 |
children | e62245b1ab29 |
files | ChangeLog NEWS plugin/icedteanp/IcedTeaNPPlugin.cc |
diffstat | 3 files changed, 24 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/ChangeLog Wed Jul 25 16:10:02 2012 -0400 +++ b/ChangeLog Tue Jul 24 13:58:42 2012 -0400 @@ -1,3 +1,13 @@ +2012-07-25 Adam Domurad <adomurad@redhat.com> + + CVE-2012-3422, RH840592: Potential read from an uninitialized + memory location. + * plugin/icedteanp/IcedTeaNPPlugin.cc + (get_cookie_info): Only attempt to perform this operation if there is a + valid plugin instance + (get_proxy_info): Only attempt to perform this operation if there is a + valid plugin instance + 2012-07-25 Adam Domurad <adomurad@redhat.com> Allow passing of plugin tables and browser tables in NP_Initialize that
--- a/NEWS Wed Jul 25 16:10:02 2012 -0400 +++ b/NEWS Tue Jul 24 13:58:42 2012 -0400 @@ -9,7 +9,10 @@ CVE-XXXX-YYYY: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY New in release 1.1.6 (2012-XX-XX): - * Plugin +* Security Updates + - CVE-2012-3422, RH840592: Potential read from an uninitialized memory location + - CVE-2012-3423, RH841345: Incorrect handling of not 0-terminated strings +* Plugin - PR863: Error passing strings to applet methods in Chromium - PR518: NPString.utf8characters not guaranteed to be nul-terminated
--- a/plugin/icedteanp/IcedTeaNPPlugin.cc Wed Jul 25 16:10:02 2012 -0400 +++ b/plugin/icedteanp/IcedTeaNPPlugin.cc Tue Jul 24 13:58:42 2012 -0400 @@ -886,6 +886,11 @@ NPError get_cookie_info(const char* siteAddr, char** cookieString, uint32_t* len) { + // Only attempt to perform this operation if there is a valid plugin instance + if (g_hash_table_size(instance_to_id_map) <= 0) + { + return NPERR_GENERIC_ERROR; + } #if MOZILLA_VERSION_COLLAPSED < 1090100 nsresult rv; nsCOMPtr<nsIScriptSecurityManager> sec_man = @@ -1306,6 +1311,11 @@ NPError get_proxy_info(const char* siteAddr, char** proxy, uint32_t* len) { + // Only attempt to perform this operation if there is a valid plugin instance + if (g_hash_table_size(instance_to_id_map) <= 0) + { + return NPERR_GENERIC_ERROR; + } #if MOZILLA_VERSION_COLLAPSED < 1090100 nsresult rv;