rpms/jam/devel jam-2.5-overflow.patch,NONE,1.1 jam.spec,1.9,1.10
Lubomir Rintel
lkundrak at fedoraproject.org
Mon Aug 3 04:34:31 UTC 2009
Author: lkundrak
Update of /cvs/pkgs/rpms/jam/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv15124
Modified Files:
jam.spec
Added Files:
jam-2.5-overflow.patch
Log Message:
* Mon Aug 3 2009 Lubomir Rintel <lkundrak at v3.sk> - 2.5-9
- Add the stack overflow fix patch
jam-2.5-overflow.patch:
expand.c | 19 ++++++++++++++++++-
jam.h | 8 ++++++--
2 files changed, 24 insertions(+), 3 deletions(-)
--- NEW FILE jam-2.5-overflow.patch ---
From: Lubomir Rintel <lkundrak at v3.sk>
Subject: [PATCH] Fix stack smashing in variable expansion
Apparently, Fedora's compiler flags were too long for jam's mind,
resulting in an out-of-bounds write on the stack. This patch increases the length
of the variable expansion buffer (and of the filename buffer, just in case) and
adds checks for buffer overflows in some places.
diff -up jam-2.5/expand.c.overflow jam-2.5/expand.c
--- jam-2.5/expand.c.overflow 2003-04-23 06:45:50.000000000 +0200
+++ jam-2.5/expand.c 2009-07-25 15:59:30.319767119 +0200
@@ -27,6 +27,7 @@
* 10/22/02 (seiwald) - list_new() now does its own newstr()/copystr()
* 11/04/02 (seiwald) - const-ing for string literals
* 12/30/02 (armstrong) - fix out-of-bounds access in var_expand()
+ * 25/07/09 (lkundrak at v3.sk) - fix stack overflows in var_expand()
*/
# include "jam.h"
@@ -283,8 +284,14 @@ var_expand(
if( colon && edits.filemods )
var_edit_file( value->string, out, &edits );
- else
+ else {
+ if( out + strlen( value->string ) > out_buf + sizeof( out_buf ) ) {
+ fprintf( stderr, "ERROR: String longer than %i characters: '%s' + '%s'\n",
+ sizeof( out_buf ), out, value->string );
+ exit( 1 );
+ }
strcpy( out, value->string );
+ }
if( colon && ( edits.upshift || edits.downshift ) )
var_edit_shift( out, &edits );
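Review bot: The bound check at `if( out + strlen( value->string ) > out_buf + sizeof( out_buf ) )` is off by one: strcpy() also writes the terminating NUL, so a value that exactly fills the remaining space passes the check and still writes one byte past `out_buf`; the same applies to the checks added in the next two hunks on `edits.join.ptr` and `rem->string`. Comparing lengths instead of forming a pointer past the array end also avoids undefined pointer arithmetic, e.g. `if( strlen( value->string ) >= (size_t)( out_buf + sizeof( out_buf ) - out ) )`. The message passes `sizeof( out_buf )` (a size_t) to `%i`, which is a format/argument mismatch; cast it, `(int) sizeof( out_buf )`, or use `%lu` with an `(unsigned long)` cast since this file predates C99. This presumes `out_buf` is the local array itself rather than a pointer to it, which `sizeof` requires — var_expand's declarations start outside the hunk.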
@@ -298,6 +305,11 @@ var_expand(
( list_next( value ) || list_next( vars ) ) )
{
out += strlen( out );
+ if( out + strlen( edits.join.ptr ) > out_buf + sizeof( out_buf ) ) {
+ fprintf( stderr, "ERROR: String longer than %i characters: '%s' + '%s'\n",
+ sizeof( out_buf ), out, edits.join.ptr );
+ exit( 1 );
+ }
strcpy( out, edits.join.ptr );
out += strlen( out );
continue;
@@ -320,6 +332,11 @@ var_expand(
for( rem = remainder; rem; rem = list_next( rem ) )
{
+ if( out1 + strlen( rem->string ) > out_buf + sizeof( out_buf ) ) {
+ fprintf( stderr, "ERROR: String longer than %i characters: '%s' + '%s'\n",
+ sizeof( out_buf ), out, rem->string );
+ exit( 1 );
+ }
strcpy( out1, rem->string );
l = list_new( l, out_buf, 0 );
}
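Review bot: The error message in this hunk prints `out` while the check and the copy use `out1`, so the diagnostic shows a different string than the one that failed the check; `sizeof( out_buf ), out1, rem->string );` would match the other two hunks. Since `out` is the write cursor into `out_buf` (the previous hunk advances it with `out += strlen( out )`) rather than the start of the buffer, printing it shows at most the tail of the expansion, and if the bytes at the cursor are not yet NUL-terminated the output is unreliable — printing `out_buf` would be more useful for diagnosing which expansion overflowed. The enclosing for loop is visible, but var_expand itself starts and ends outside the hunk.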
diff -up jam-2.5/jam.h.overflow jam-2.5/jam.h
--- jam-2.5/jam.h.overflow 2004-06-23 19:45:36.000000000 +0200
+++ jam-2.5/jam.h 2009-07-25 15:59:35.464767132 +0200
@@ -472,8 +472,12 @@
/* You probably don't need to muck with these. */
-# define MAXSYM 1024 /* longest symbol in the environment */
-# define MAXJPATH 1024 /* longest filename */
+# define MAXSYM 65536 /* longest symbol in the environment */
+# ifdef PATH_MAX
+# define MAXJPATH PATH_MAX /* longest filename */
+# else
+# define MAXJPATH 4096
+# endif
# define MAXJOBS 64 /* silently enforce -j limit */
# define MAXARGC 32 /* words in $(JAMSHELL) */
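Review bot: `MAXJPATH` now depends on whether `PATH_MAX` is visible at this point in jam.h, but the hunk does not include `<limits.h>`; if nothing earlier in jam.h pulls it in, the `#ifdef` silently takes the 4096 branch on every platform — add `# include <limits.h>` ahead of `# ifdef PATH_MAX`, or record in a comment which earlier include is relied on. Raising `MAXSYM` from 1024 to 65536 also grows every `MAXSYM`-sized array 64-fold; the patch description says `out_buf` lives on the stack, so if var_expand() is reentered for nested expansions each frame now costs 64 KiB and deep nesting could exhaust the stack rather than the buffer — worth a comment next to the define such as `/* sizes stack buffers in var_expand(); mind recursion depth */`. The `/* longest symbol in the environment */` comment could also say that var_expand() now exits with an error when a value would exceed this limit instead of overrunning the buffer.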
Index: jam.spec
===================================================================
RCS file: /cvs/pkgs/rpms/jam/devel/jam.spec,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -p -r1.9 -r1.10
--- jam.spec 25 Jul 2009 03:52:56 -0000 1.9
+++ jam.spec 3 Aug 2009 04:34:30 -0000 1.10
@@ -1,11 +1,13 @@
Name: jam
Version: 2.5
-Release: 8%{?dist}
+Release: 9%{?dist}
License: Copyright only
Group: Development/Tools
Summary: Program construction tool, similar to make
URL: http://public.perforce.com/public/jam/index.html
Source0: ftp://ftp.perforce.com/jam/%{name}-%{version}.tar
+# Submitted upstream by e-mail
+Patch0: jam-2.5-overflow.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: byacc
@@ -19,6 +21,7 @@ targets and sources.
%prep
%setup -q
+%patch0 -p1 -b .overflows
%build
make CFLAGS="$RPM_OPT_FLAGS" CCFLAGS="$RPM_OPT_FLAGS" %{?_smp_mflags}
@@ -39,6 +42,9 @@ rm -rf $RPM_BUILD_ROOT
%{_bindir}/mkjambase
%changelog
+* Mon Aug 3 2009 Lubomir Rintel <lkundrak at v3.sk> - 2.5-9
+- Add the stack overflow fix patch
+
* Fri Jul 24 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.5-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild