diff options
author | Max Kellermann <max@duempel.org> | 2009-07-19 17:38:46 +0200 |
---|---|---|
committer | Max Kellermann <max@duempel.org> | 2009-07-19 17:38:46 +0200 |
commit | 0ce727d5d459c2319edc507eb2e71af8a1c9d5dc (patch) | |
tree | c05bb8dc3fdb6339775c3b423cca318f75fd65a2 /NEWS | |
parent | e3ff0ab6d1f378aec9b98fe930ca42d1f428409e (diff) | |
download | mpd-0ce727d5d459c2319edc507eb2e71af8a1c9d5dc.tar.gz mpd-0ce727d5d459c2319edc507eb2e71af8a1c9d5dc.tar.xz mpd-0ce727d5d459c2319edc507eb2e71af8a1c9d5dc.zip |
ape: added protection against large memory allocations
The function tag_ape_load() retrieves a 32 bit unsigned integer from
the input file, and passes it to g_malloc(). This is dangerous, and
may be used for a denial of service attack on MPD.
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 1 |
1 files changed, 1 insertions, 0 deletions
@@ -1,6 +1,7 @@ ver 0.15.2 (2009/??/??) * tags: - ape: check the tag size (fixes integer underflow) + - ape: added protection against large memory allocations ver 0.15.1 (2009/07/15) |