# HG changeset patch # User Deepak Bhole # Date 1343144690 14400 # Node ID 3b9b763bf1fca5acfe6a5a16752acd1fc255d6f7 # Parent 55911b39b5c0415a98b1cea02f0d7f6e23bbc74f CVE-2012-3422, RH840592: Potential read from an uninitialized memory location Updated NEWS file with entry for CVE-2012-3423 diff -r 55911b39b5c0 -r 3b9b763bf1fc ChangeLog --- a/ChangeLog Tue Jul 31 14:38:12 2012 +0200 +++ b/ChangeLog Tue Jul 24 11:44:50 2012 -0400 @@ -9,6 +9,16 @@ 2012-07-24 Adam Domurad + CVE-2012-3422, RH840592: Potential read from an uninitialized + memory location. + * plugin/icedteanp/IcedTeaNPPlugin.cc + (get_cookie_info): Only attempt to perform this operation if there is a + valid plugin instance + (get_proxy_info): Only attempt to perform this operation if there is a + valid plugin instance + +2012-07-24 Adam Domurad + * plugin/icedteanp/IcedTeaPluginUtils.cc (IcedTeaPluginUtilities::strSplit): Replace usage of " " with proper delimiter diff -r 55911b39b5c0 -r 3b9b763bf1fc NEWS --- a/NEWS Tue Jul 31 14:38:12 2012 +0200 +++ b/NEWS Tue Jul 24 11:44:50 2012 -0400 @@ -9,6 +9,9 @@ CVE-XXXX-YYYY: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY New in release 1.3 (2012-XX-XX): +* Security updates + - CVE-2012-3422, RH840592: Potential read from an uninitialized memory location + - CVE-2012-3423, RH841345: Incorrect handling of not 0-terminated strings * NetX - PR898: signed applications with big jnlp-file doesn't start (webstart affect like "frozen") - PR811: javaws is not handling urls with spaces (and other characters needing encoding) correctly diff -r 55911b39b5c0 -r 3b9b763bf1fc plugin/icedteanp/IcedTeaNPPlugin.cc --- a/plugin/icedteanp/IcedTeaNPPlugin.cc Tue Jul 31 14:38:12 2012 +0200 +++ b/plugin/icedteanp/IcedTeaNPPlugin.cc Tue Jul 24 11:44:50 2012 -0400 
@@ -925,6 +925,11 @@ NPError get_cookie_info(const char* siteAddr, char** cookieString, uint32_t* len) { + // Only attempt to perform this operation if there is a valid plugin instance + if (g_hash_table_size(instance_to_id_map) <= 0) + { + return NPERR_GENERIC_ERROR; + } #if MOZILLA_VERSION_COLLAPSED < 1090100 nsresult rv; nsCOMPtr sec_man = @@ -1330,6 +1335,11 @@ NPError get_proxy_info(const char* siteAddr, char** proxy, uint32_t* len) { + // Only attempt to perform this operation if there is a valid plugin instance + if (g_hash_table_size(instance_to_id_map) <= 0) + { + return NPERR_GENERIC_ERROR; + } #if MOZILLA_VERSION_COLLAPSED < 1090100 nsresult rv;
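Review bot: In the ChangeLog hunk, the entries for get_cookie_info and get_proxy_info carry identical text and neither ends with a period, unlike the lead sentence above them. Combine them as one item, "(get_cookie_info, get_proxy_info): Only attempt to perform this operation if there is a valid plugin instance.", so the entry stays short and consistently punctuated.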
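Review bot: The NEWS hunk adds a line for CVE-2012-3423, RH841345, but the only source file in this changeset is IcedTeaNPPlugin.cc and the new ChangeLog entry names CVE-2012-3422 alone. Confirm the CVE-2012-3423 fix is already committed and that its ChangeLog entry carries the CVE id, or move that NEWS line into the changeset that contains the fix. As a wording point, "not 0-terminated strings" would read better as "non-NUL-terminated strings".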
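Review bot: In get_cookie_info, the guard tests g_hash_table_size(instance_to_id_map) <= 0, but g_hash_table_size returns an unsigned guint, so the value can never be negative and the condition should be written == 0. The early return also leaves *cookieString and *len unwritten. Either set them to NULL and 0 before returning NPERR_GENERIC_ERROR, or state in the function comment that callers must check the return code before reading the out-parameters, otherwise a caller that ignores the result reads uninitialized values of its own.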
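Review bot: The guard at the top of get_proxy_info is a verbatim copy of the one added to get_cookie_info, including the <= 0 comparison on an unsigned size. Move the check into one small static helper that both functions call so the two paths cannot drift apart. The comment should also say which value would be read uninitialized when no instance exists, since the visible lines only show the instance_to_id_map size test and not the read it protects.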