commit 92f16f153af36a83e8aa48b1850c9124f6373fe0 Author: Peter Hutterer peter.hutterer@who-t.net Date: Wed Jan 8 10:45:42 2014 +1000
Fix CVE-2013-6462, potential stack overflow
...62-unlimited-sscanf-overflows-stack-buffe.patch | 33 ++++++++++++++++++++
libXfont.spec | 7 +++-
2 files changed, 39 insertions(+), 1 deletions(-)
---
diff --git a/0001-CVE-2013-6462-unlimited-sscanf-overflows-stack-buffe.patch b/0001-CVE-2013-6462-unlimited-sscanf-overflows-stack-buffe.patch
new file mode 100644
index 0000000..5460fc2
--- /dev/null
+++ b/0001-CVE-2013-6462-unlimited-sscanf-overflows-stack-buffe.patch
@@ -0,0 +1,33 @@
+From 4d024ac10f964f6bd372ae0dd14f02772a6e5f63 Mon Sep 17 00:00:00 2001
+From: Alan Coopersmith alan.coopersmith@oracle.com
+Date: Mon, 23 Dec 2013 18:34:02 -0800
+Subject: [PATCH] CVE-2013-6462: unlimited sscanf overflows stack buffer in
+ bdfReadCharacters()
+
+Fixes cppcheck warning:
+ [lib/libXfont/src/bitmap/bdfread.c:341]: (warning)
+ scanf without field width limits can crash with huge input data.
+
+Signed-off-by: Alan Coopersmith alan.coopersmith@oracle.com
+Reviewed-by: Matthieu Herrb matthieu@herrb.eu
+Reviewed-by: Jeremy Huddleston Sequoia jeremyhu@apple.com
+---
+ src/bitmap/bdfread.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/bitmap/bdfread.c b/src/bitmap/bdfread.c
+index e2770dc..e11c5d2 100644
+--- a/src/bitmap/bdfread.c
++++ b/src/bitmap/bdfread.c
+@@ -338,7 +338,7 @@ bdfReadCharacters(FontFilePtr file, FontPtr pFont, bdfFileState *pState,
+ char charName[100];
+ int ignore;
+
+- if (sscanf((char *) line, "STARTCHAR %s", charName) != 1) {
++ if (sscanf((char *) line, "STARTCHAR %99s", charName) != 1) {
+ bdfError("bad character name in BDF file\n");
+ goto BAILOUT; /* bottom of function, free and return error */
+ }
+--
+1.8.4.2
+
diff --git a/libXfont.spec b/libXfont.spec
index afe7ca6..ebeb066 100644
--- a/libXfont.spec
+++ b/libXfont.spec
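Review bot: The `%99s` width in the bdfread.c hunk carried by the added patch file is tied to `char charName[100]` only by hand, and a STARTCHAR name longer than 99 bytes is now silently truncated instead of rejected, because sscanf still returns 1. The bound itself is correct (99 characters plus the terminating NUL), so the write past charName is closed. I would add a comment above the call such as `/* field width must stay at sizeof(charName) - 1 */` so that a later resize of the buffer does not quietly reopen the overflow. Whether a truncated name should instead go to the `bdfError` path cannot be judged from here, since bdfReadCharacters() starts and ends outside the hunk.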
@@ -1,13 +1,14 @@ Summary: X.Org X11 libXfont runtime library Name: libXfont Version: 1.4.5 -Release: 4%{?dist} +Release: 5%{?dist} License: MIT Group: System Environment/Libraries URL: http://www.x.org BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Source0: http://www.x.org/pub/individual/lib/%%7Bname%7D-%%7Bversion%7D.tar.bz2 +Patch01: 0001-CVE-2013-6462-unlimited-sscanf-overflows-stack-buffe.patch
BuildRequires: autoconf automake libtool BuildRequires: pkgconfig(fontsproto) @@ -30,6 +31,7 @@ X.Org X11 libXfont development package
%prep %setup -q +%patch01 -p1
%build autoreconf -v --install --force @@ -80,6 +82,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/xfont.pc
%changelog +* Wed Jan 08 2014 Peter Hutterer peter.hutterer@redhat.com 1.4.5-5 +- Fix CVE-2013-6462, potential stack overflow + * Thu Mar 07 2013 Peter Hutterer peter.hutterer@redhat.com - 1.4.5-4 - autoreconf for aarch64
fonts-bugs@lists.fedoraproject.org