Fix null pointer dereference, CVE-2016-4912

openslp-2.0.0-null-pointer-deref.patch

@@ -0,0 +1,12 @@
+diff -up openslp-2.0.0/common/slp_xmalloc.c.orig openslp-2.0.0/common/slp_xmalloc.c
+--- openslp-2.0.0/common/slp_xmalloc.c.orig	2012-12-07 01:52:08.000000000 +0100
++++ openslp-2.0.0/common/slp_xmalloc.c	2016-05-23 12:58:57.953532979 +0200
+@@ -203,6 +203,8 @@ void * _xrealloc(const char * file, int
+       if (x->size != size)
+       {
+          newptr = _xmalloc(file, line, size);
++         if (newptr == 0)
++            return 0;
+          memcpy(newptr, ptr, x->size);
+          _xfree(file, line, x);
+       }

openslp.spec

@@ -2,7 +2,7 @@
 Summary: Open implementation of Service Location Protocol V2
 Name:    openslp
 Version: 2.0.0
-Release: 8%{?dist}
+Release: 9%{?dist}
 
 Group:   System Environment/Libraries
 License: BSD
@@ -21,6 +21,8 @@ Source4: slpd.service
 Patch1:  openslp-2.0.0-multicast-set.patch
 # Patch2: notify systemd of start-up completion
 Patch2:  openslp-2.0.0-notify-systemd-of-start-up.patch
+# Patch3: fixes posible null pointer dereference, bz#1337402, CVE-2016-4912
+Patch3:  openslp-2.0.0-null-pointer-deref.patch
 
 BuildRequires: automake libtool
 BuildRequires: bison
@@ -61,6 +63,7 @@ OpenSLP server daemon to dynamically register services.
 
 %patch1 -p1 -b .multicast-set
 %patch2 -p2 -b .systemd
+%patch3 -p1 -b .null-pointer-deref
 
 # tarball goof (?), it wants to re-automake anyway, so let's do it right.
 #libtoolize --force
@@ -174,6 +177,10 @@ rm -rf $RPM_BUILD_ROOT
 
 
 %changelog
+* Mon May 23 2016 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.0.0-9
+- Fix null pointer dereference, CVE-2016-4912
+  Resolves: #1337402
+
 * Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.0-8
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild