t1lib (5.1.2-3+squeeze1) CVE-2010-2642.patch

Summary

 lib/t1lib/parseAFM.c |    6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

    
download this patch

Patch contents

diff --git a/lib/t1lib/parseAFM.c b/lib/t1lib/parseAFM.c
index 6a31d7f..ba64541 100644
--- a/lib/t1lib/parseAFM.c
+++ b/lib/t1lib/parseAFM.c
@@ -199,7 +199,9 @@ static char *token(stream)
     idx = 0;
     
     while (ch != EOF && ch != ' ' && ch != CR  && ch != LF &&
-	   ch != CTRL_Z && ch != '\t' && ch != ':' && ch != ';'){
+	   ch != CTRL_Z && ch != '\t' && ch != ':' && ch != ';'
+     && idx < (MAX_NAME -1))
+    {
       ident[idx++] = ch;
       ch = fgetc(stream);
     } /* while */
@@ -235,7 +237,7 @@ static char *linetoken(stream)
     while ((ch = fgetc(stream)) == ' ' || ch == '\t' ); 
     
     idx = 0;
-    while (ch != EOF && ch != CR  && ch != LF && ch != CTRL_Z) 
+    while (ch != EOF && ch != CR  && ch != LF && ch != CTRL_Z && idx < (MAX_NAME - 1)) 
     {
         ident[idx++] = ch;
         ch = fgetc(stream);