add patch from Redhat bug#784141 which fixes a possible

buffer overflow if used with an HTTP proxy (CVE-2012-0804)
approved by releng
This commit is contained in:
drochner 2012-02-09 16:28:53 +00:00
parent b7196e474c
commit f9e6b678d8
1 changed files with 2 additions and 2 deletions

View File

@ -3550,9 +3550,9 @@ connect_to_pserver (cvsroot_t *root, struct buffer **to_server_p,
* code.
*/
read_line_via (from_server, to_server, &read_buf);
sscanf (read_buf, "%s %d", write_buf, &codenum);
count = sscanf (read_buf, "%*s %d", &codenum);
if ((codenum / 100) != 2)
if (count != 1 || (codenum / 100) != 2)
error (1, 0, "proxy server %s:%d does not support http tunnelling",
root->proxy_hostname, proxy_port_number);
free (read_buf);