ape: added protection against large memory allocations

The function tag_ape_load() retrieves a 32 bit unsigned integer from the input file, and passes it to g_malloc(). This is dangerous, and may be used for a denial of service attack on MPD.
author: Max Kellermann <max@duempel.org> 2009-07-19 17:38:46 +0200
committer: Max Kellermann <max@duempel.org> 2009-07-19 17:38:46 +0200
commit: 0ce727d5d459c2319edc507eb2e71af8a1c9d5dc (patch)
tree: c05bb8dc3fdb6339775c3b423cca318f75fd65a2 /NEWS
parent: e3ff0ab6d1f378aec9b98fe930ca42d1f428409e (diff)
download: mpd-0ce727d5d459c2319edc507eb2e71af8a1c9d5dc.tar.gz
mpd-0ce727d5d459c2319edc507eb2e71af8a1c9d5dc.tar.xz
mpd-0ce727d5d459c2319edc507eb2e71af8a1c9d5dc.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 66ad2cfed..8e2c59b78 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,7 @@
 ver 0.15.2 (2009/??/??)
 * tags:
   - ape: check the tag size (fixes integer underflow)
+  - ape: added protection against large memory allocations
 
 
 ver 0.15.1 (2009/07/15)
author	Max Kellermann <max@duempel.org>	2009-07-19 17:38:46 +0200
committer	Max Kellermann <max@duempel.org>	2009-07-19 17:38:46 +0200
commit	0ce727d5d459c2319edc507eb2e71af8a1c9d5dc (patch)
tree	c05bb8dc3fdb6339775c3b423cca318f75fd65a2 /NEWS
parent	e3ff0ab6d1f378aec9b98fe930ca42d1f428409e (diff)
download	mpd-0ce727d5d459c2319edc507eb2e71af8a1c9d5dc.tar.gz mpd-0ce727d5d459c2319edc507eb2e71af8a1c9d5dc.tar.xz mpd-0ce727d5d459c2319edc507eb2e71af8a1c9d5dc.zip