fix for xpdf makeFileKey2 stack overflow, #78619

Package-Manager: portage-2.0.51-r15

2 files changed, 34 insertions, 0 deletions

diff --git a/kde-base/kpdf/files/CAN-2005-0064_kde-3.4.patch b/kde-base/kpdf/files/CAN-2005-0064_kde-3.4.patch
new file mode 100644
index 000000000000..bd14ca666cd6
--- /dev/null
+++ b/kde-base/kpdf/files/CAN-2005-0064_kde-3.4.patch
@@ -0,0 +1,31 @@
+--- kpdf/xpdf/xpdf/Decrypt.cc.jn	2002-12-06 00:44:32.000000000 +0100
++++ kpdf/xpdf/xpdf/Decrypt.cc	2005-01-14 13:38:48.192647128 +0100
+@@ -132,13 +132,19 @@ GBool Decrypt::makeFileKey2(int encVersi
+   Guchar *buf;
+   Guchar test[32];
+   Guchar fState[256];
+-  Guchar tmpKey[16];
++  Guchar *tmpKey;
+   Guchar fx, fy;
+   int len, i, j;
+   GBool ok;
+ 
++  // check whether we have non-zero keyLength
++  if ( !keyLength ) {
++    return gFalse;
++  }
++  
+   // generate file key
+   buf = (Guchar *)gmalloc(68 + fileID->getLength());
++  tmpKey = (Guchar *)gmalloc(keyLength * sizeof(Guchar));
+   if (userPassword) {
+     len = userPassword->getLength();
+     if (len < 32) {
+@@ -191,6 +197,7 @@ GBool Decrypt::makeFileKey2(int encVersi
+     ok = gFalse;
+   }
+ 
++  gfree(tmpKey);
+   gfree(buf);
+   return ok;
+ }
diff --git a/kde-base/kpdf/files/digest-kpdf-3.4.0_beta1-r1 b/kde-base/kpdf/files/digest-kpdf-3.4.0_beta1-r1
new file mode 100644
index 000000000000..61aba8b28ff3
--- /dev/null
+++ b/kde-base/kpdf/files/digest-kpdf-3.4.0_beta1-r1
@@ -0,0 +1,3 @@
+MD5 701a5fe0bfc6ec26d8a50f72334d2b2a kdegraphics-3.3.90.tar.bz2 6307655
+MD5 0d5a081c948e50234ebe27075941f1c9 kdegraphics-3.3.90-3.3.91.tar.xdelta 562657
+MD5 e819ff09157f1bf83c6a1ac70ab41439 kdegraphics-3.3.91.tar.bz2 6455135