$OpenBSD: patch-wordole_c,v 1.2 2014/12/02 12:22:05 jasper Exp $

Prevent overflow of atPPSlist[].szName[] (CVE-2014-8123)
http://seclists.org/oss-sec/2014/q4/870

--- wordole.c.orig	Fri Aug 26 20:49:57 2005
+++ wordole.c	Mon Dec  1 17:06:15 2014
@@ -259,6 +259,11 @@ bGetPPS(FILE *pFile,
 		}
 		tNameSize = (size_t)usGetWord(0x40, aucBytes);
 		tNameSize = (tNameSize + 1) / 2;
+		if (tNameSize >= sizeof(atPPSlist[0].szName)) {
+			werr(0, "PPS %d appears to be invalid.", iIndex);
+			atPPSlist = xfree(atPPSlist);
+			return FALSE;
+		}
 		vName2String(atPPSlist[iIndex].szName, aucBytes, tNameSize);
 		atPPSlist[iIndex].ucType = ucGetByte(0x42, aucBytes);
 		if (atPPSlist[iIndex].ucType == 5) {
