Mercurial > hg > release > icedtea-web-1.3
changeset 470:3b9b763bf1fc
CVE-2012-3422, RH840592: Potential read from an uninitialized memory location
Updated NEWS file with entry for CVE-2012-3423
author | Deepak Bhole <dbhole@redhat.com> |
---|---|
date | Tue, 24 Jul 2012 11:44:50 -0400 |
parents | 55911b39b5c0 |
children | b64886a766cc |
files | ChangeLog NEWS plugin/icedteanp/IcedTeaNPPlugin.cc |
diffstat | 3 files changed, 23 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/ChangeLog Tue Jul 31 14:38:12 2012 +0200 +++ b/ChangeLog Tue Jul 24 11:44:50 2012 -0400 @@ -9,6 +9,16 @@ 2012-07-24 Adam Domurad <adomurad@redhat.com> + CVE-2012-3422, RH840592: Potential read from an uninitialized + memory location. + * plugin/icedteanp/IcedTeaNPPlugin.cc + (get_cookie_info): Only attempt to perform this operation if there is a + valid plugin instance + (get_proxy_info): Only attempt to perform this operation if there is a + valid plugin instance + +2012-07-24 Adam Domurad <adomurad@redhat.com> + * plugin/icedteanp/IcedTeaPluginUtils.cc (IcedTeaPluginUtilities::strSplit): Replace usage of " " with proper delimiter
--- a/NEWS Tue Jul 31 14:38:12 2012 +0200 +++ b/NEWS Tue Jul 24 11:44:50 2012 -0400 @@ -9,6 +9,9 @@ CVE-XXXX-YYYY: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY New in release 1.3 (2012-XX-XX): +* Security updates + - CVE-2012-3422, RH840592: Potential read from an uninitialized memory location + - CVE-2012-3423, RH841345: Incorrect handling of not 0-terminated strings * NetX - PR898: signed applications with big jnlp-file doesn't start (webstart affect like "frozen") - PR811: javaws is not handling urls with spaces (and other characters needing encoding) correctly
--- a/plugin/icedteanp/IcedTeaNPPlugin.cc Tue Jul 31 14:38:12 2012 +0200 +++ b/plugin/icedteanp/IcedTeaNPPlugin.cc Tue Jul 24 11:44:50 2012 -0400 @@ -925,6 +925,11 @@ NPError get_cookie_info(const char* siteAddr, char** cookieString, uint32_t* len) { + // Only attempt to perform this operation if there is a valid plugin instance + if (g_hash_table_size(instance_to_id_map) <= 0) + { + return NPERR_GENERIC_ERROR; + } #if MOZILLA_VERSION_COLLAPSED < 1090100 nsresult rv; nsCOMPtr<nsIScriptSecurityManager> sec_man = @@ -1330,6 +1335,11 @@ NPError get_proxy_info(const char* siteAddr, char** proxy, uint32_t* len) { + // Only attempt to perform this operation if there is a valid plugin instance + if (g_hash_table_size(instance_to_id_map) <= 0) + { + return NPERR_GENERIC_ERROR; + } #if MOZILLA_VERSION_COLLAPSED < 1090100 nsresult rv;