[mythtv-commits] Ticket #5859: Fix for high level CA_PMT handler code (SIGSEGV due to buffer overflow)

[MythTV]

#5859: Fix for high level CA_PMT handler code (SIGSEGV due to buffer overflow)
--------------------------------------+-------------------------------------
 Reporter:  manuel.kampert at online.de  |       Owner:  ijr    
     Type:  defect                    |      Status:  new    
 Priority:  minor                     |   Milestone:  unknown
Component:  mythtv                    |     Version:  unknown
 Severity:  medium                    |     Mlocked:  0      
--------------------------------------+-------------------------------------
 cHlCiHandler::SetCaPmt does not test CaPmt.length > 256. This will cause a
 SIGSEGV due to memory overwrite at

    memcpy(&msg.msg[4], CaPmt.capmt, CaPmt.length);

 as struct ca_msg msg msg.msg is defined in the kernel as msg[256].

-- 
Ticket URL: <http://svn.mythtv.org/trac/ticket/5859>
MythTV <http://www.mythtv.org/>
MythTV