Vulnerabilities in PWLib were found after running the NISCC OpenH323 test suite. "Of the nearly 4500 tests in the suite, OpenH323 failed two of them, which took three lines of code to fix. These pointed out several other potential problems as well, so the total changes were about 20 lines." Fix: http://cvs.sourceforge.net/viewcvs.py/openh323/pwlib/src/ptclib/asnper.cxx?r1=1.8&r2=1.6 The pwlib-1.4.7-ranges.patch applies cleanly against pwlib-1.5.0 from Fedora Core 1.
Created attachment 97647 [details] SPEC file to add CVE-CAN-2004-0097 ranges patch
Created attachment 97648 [details] Patch taken from RHL 9 to address CVE-CAN-2004-0097 This patch patches cleanly against Fedora Core 1's pwlib-1.5.0.
Just a question as I stumbled on hunk #2 (#3 in the original patch) as well: Shouldn't that function return len for this version of the code? The return value was only changed to 0 in later versions of the code. Changing it to 0 here might lead to unexpected results.
Well. That was basically a bugfix i applied at the same time as the security fix. :)
*** This bug has been marked as a duplicate of 114310 ***
Yeah, I figured that out (comment #4). Had a closer look and saw the length should not be returned by the function but only in &len.
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.