[libXfont/f19] Fix CVE-2013-6462, potential stack overflow
Peter Hutterer
whot at fedoraproject.org
Wed Jan 8 00:45:11 UTC 2014
commit 92f16f153af36a83e8aa48b1850c9124f6373fe0
Author: Peter Hutterer <peter.hutterer at who-t.net>
Date: Wed Jan 8 10:45:42 2014 +1000
Fix CVE-2013-6462, potential stack overflow
...62-unlimited-sscanf-overflows-stack-buffe.patch | 33 ++++++++++++++++++++
libXfont.spec | 7 +++-
2 files changed, 39 insertions(+), 1 deletions(-)
---
diff --git a/0001-CVE-2013-6462-unlimited-sscanf-overflows-stack-buffe.patch b/0001-CVE-2013-6462-unlimited-sscanf-overflows-stack-buffe.patch
new file mode 100644
index 0000000..5460fc2
--- /dev/null
+++ b/0001-CVE-2013-6462-unlimited-sscanf-overflows-stack-buffe.patch
@@ -0,0 +1,33 @@
+From 4d024ac10f964f6bd372ae0dd14f02772a6e5f63 Mon Sep 17 00:00:00 2001
+From: Alan Coopersmith <alan.coopersmith at oracle.com>
+Date: Mon, 23 Dec 2013 18:34:02 -0800
+Subject: [PATCH] CVE-2013-6462: unlimited sscanf overflows stack buffer in
+ bdfReadCharacters()
+
+Fixes cppcheck warning:
+ [lib/libXfont/src/bitmap/bdfread.c:341]: (warning)
+ scanf without field width limits can crash with huge input data.
+
+Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
+Reviewed-by: Matthieu Herrb <matthieu at herrb.eu>
+Reviewed-by: Jeremy Huddleston Sequoia <jeremyhu at apple.com>
+---
+ src/bitmap/bdfread.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/bitmap/bdfread.c b/src/bitmap/bdfread.c
+index e2770dc..e11c5d2 100644
+--- a/src/bitmap/bdfread.c
++++ b/src/bitmap/bdfread.c
+@@ -338,7 +338,7 @@ bdfReadCharacters(FontFilePtr file, FontPtr pFont, bdfFileState *pState,
+ char charName[100];
+ int ignore;
+
+- if (sscanf((char *) line, "STARTCHAR %s", charName) != 1) {
++ if (sscanf((char *) line, "STARTCHAR %99s", charName) != 1) {
+ bdfError("bad character name in BDF file\n");
+ goto BAILOUT; /* bottom of function, free and return error */
+ }
+--
+1.8.4.2
+
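Review bot: In the bdfread.c change, the width in "STARTCHAR %99s" is a bare literal that has to stay exactly one less than the size of charName[100] declared three lines above it, and nothing ties the two together. If the buffer is ever resized, the format string will silently go out of sync, so consider deriving both from one constant or at least adding a comment beside the declaration. Separately, sscanf still returns 1 when the name token in the font file is longer than 99 bytes, so an oversized STARTCHAR name is now truncated and parsing continues instead of reaching the bdfError path. If malformed fonts should be rejected rather than accepted with a shortened name, that needs an explicit length check on line before the call.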
diff --git a/libXfont.spec b/libXfont.spec
index afe7ca6..ebeb066 100644
--- a/libXfont.spec
+++ b/libXfont.spec
@@ -1,13 +1,14 @@
Summary: X.Org X11 libXfont runtime library
Name: libXfont
Version: 1.4.5
-Release: 4%{?dist}
+Release: 5%{?dist}
License: MIT
Group: System Environment/Libraries
URL: http://www.x.org
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Source0: http://www.x.org/pub/individual/lib/%{name}-%{version}.tar.bz2
+Patch01: 0001-CVE-2013-6462-unlimited-sscanf-overflows-stack-buffe.patch
BuildRequires: autoconf automake libtool
BuildRequires: pkgconfig(fontsproto)
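Review bot: The new Patch01 line carries no comment saying where the patch comes from. Since this is a security backport, a one-line comment above it naming the CVE and the upstream commit (4d024ac10f964f6bd372ae0dd14f02772a6e5f63, per the patch header) would let whoever does the next rebase confirm quickly whether the patch can be dropped.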
@@ -30,6 +31,7 @@ X.Org X11 libXfont development package
%prep
%setup -q
+%patch01 -p1
%build
autoreconf -v --install --force
@@ -80,6 +82,9 @@ rm -rf $RPM_BUILD_ROOT
%{_libdir}/pkgconfig/xfont.pc
%changelog
+* Wed Jan 08 2014 Peter Hutterer <peter.hutterer at redhat.com> 1.4.5-5
+- Fix CVE-2013-6462, potential stack overflow
+
* Thu Mar 07 2013 Peter Hutterer <peter.hutterer at redhat.com> - 1.4.5-4
- autoreconf for aarch64
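Review bot: The new %changelog header ends in "1.4.5-5" without the " - " separator that the entry directly below it uses ("- 1.4.5-4"). Use the same form in both entries so the changelog stays consistent.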