rpms/star/F-12 star-1.5.1-bufferoverflow.patch, NONE, 1.1 star.spec, 1.51, 1.52

Ondrej Vasik ovasik at fedoraproject.org
Wed Feb 3 12:55:40 UTC 2010


Author: ovasik

Update of /cvs/pkgs/rpms/star/F-12
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv22959

Modified Files:
	star.spec 
Added Files:
	star-1.5.1-bufferoverflow.patch 
Log Message:
 fix buffer overflow for files with names of length 100 chars (#556664)

star-1.5.1-bufferoverflow.patch:
 longnames.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- NEW FILE star-1.5.1-bufferoverflow.patch ---
diff -urNp star-1.5.1-orig/star/longnames.c star-1.5.1/star/longnames.c
--- star-1.5.1-orig/star/longnames.c	2009-10-16 00:38:55.000000000 +0200
+++ star-1.5.1/star/longnames.c	2010-02-03 13:36:03.000000000 +0100
@@ -155,7 +155,7 @@ name_to_tcb(info, ptb)
 		if (add)
 			strcatl(ptb->dbuf.t_name, name, "/", (char *)NULL);
 		else
-			strcpy(ptb->dbuf.t_name, name);
+			strncpy(ptb->dbuf.t_name, name, props.pr_maxsname);
 		return (TRUE);
 	}
 
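Review bot: In the else branch, strncpy(ptb->dbuf.t_name, name, props.pr_maxsname) writes no terminating NUL when name is props.pr_maxsname bytes or longer, which is exactly the 100-character case the log message names. If a full, unterminated t_name is intended, add a comment saying so, so that nobody later reads the field with a str* function; otherwise terminate it explicitly or reject the length before this point. The bound is a runtime property rather than sizeof(ptb->dbuf.t_name), so it is worth asserting that props.pr_maxsname can never exceed the array size. The strcatl() call on the add path two lines up appends "/" with no visible bound and deserves the same check.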


Index: star.spec
===================================================================
RCS file: /cvs/pkgs/rpms/star/F-12/star.spec,v
retrieving revision 1.51
retrieving revision 1.52
diff -u -p -r1.51 -r1.52
--- star.spec	27 Aug 2009 14:10:45 -0000	1.51
+++ star.spec	3 Feb 2010 12:55:39 -0000	1.52
@@ -4,7 +4,7 @@
 Summary:  An archiving tool with ACL support
 Name: star
 Version: 1.5
-Release: 8%{?dist}
+Release: 9%{?dist}
 URL: http://cdrecord.berlios.de/old/private/star.html
 Source: ftp://ftp.berlios.de/pub/star/%{name}-%{version}.tar.bz2
 
@@ -18,6 +18,8 @@ Patch3: star-1.5-changewarnSegv.patch
 Patch4: star-1.5-removenames_c.patch
 #do not conflict with glibc stdio functions (#494213)
 Patch5: star-1.5-stdioconflict.patch
+#Prevent buffer overflow for filenames with length of 100 characters (#556664)
+Patch6: star-1.5.1-bufferoverflow.patch
 
 License: CDDL
 Group: Applications/Archiving
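Review bot: Patch6 is named star-1.5.1-bufferoverflow.patch, while Version is 1.5 and Patch3 to Patch5 all use the star-1.5- prefix; the patch itself diffs star-1.5.1-orig/ paths. Either rename it to match the other patches or extend the comment above it to say why a patch cut against 1.5.1 applies to the 1.5 tarball, so it is not dropped as stale at the next rebase. The comment could also name the function touched (name_to_tcb in longnames.c), which makes it easier to check whether a later upstream release already contains the fix.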
@@ -38,6 +40,7 @@ and can restore individual files from th
 %patch3 -p1 -b .changewarnSegv
 %patch4 -p1 -b .removenames
 %patch5 -p1 -b .conflict
+%patch6 -p1 -b .namesoverflow
 iconv -f iso_8859-1 -t utf-8 AN-1.5 >AN-1.5_utf8
 mv AN-1.5_utf8 AN-1.5
 cp -a READMEs/README.linux .
@@ -113,6 +116,10 @@ rm -rf ${RPM_BUILD_ROOT}
 %{_mandir}/man1/ustar.1*
 
 %changelog
+* Wed Feb 03 2010 Ondrej Vasik <ovasik at redhat.com> 1.5-9
+- fix buffer overflow for files with names of length
+  100 chars(#556664)
+
 * Thu Aug 27 2009 Ondrej Vasik <ovasik at redhat.com> 1.5-8
 - provide symlinked manpage for ustar
 


