rpms/dev86/F-13 dev86-print-overflow.patch, NONE, 1.1 dev86.spec, 1.32, 1.33
Jindrich Novy
jnovy at fedoraproject.org
Mon Jul 12 07:28:30 UTC 2010
- Previous message: rpms/waf/F-13 .cvsignore, 1.22, 1.23 import.log, 1.17, 1.18 sources, 1.22, 1.23 waf.spec, 1.26, 1.27
- Next message: rpms/netpbm/devel netpbm-security-code.patch, 1.3, 1.4 netpbm.spec, 1.168, 1.169
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: jnovy
Update of /cvs/pkgs/rpms/dev86/F-13
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv3703
Modified Files:
dev86.spec
Added Files:
dev86-print-overflow.patch
Log Message:
* Mon Jul 12 2010 Jindrich Novy <jnovy at redhat.com> 0.16.17-16
- fix sprintf overflows (#577982), patch from Lubomir Rintel
dev86-print-overflow.patch:
mkar.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
--- NEW FILE dev86-print-overflow.patch ---
From: Lubomir Rintel <lkundrak at v3.sk>
There are off-by-one errors when filling the ar headers, the trailing nul
would overflow the target buffer.
diff -urp dev86-0.16.17/ld/mkar.c dev86-0.16.17.fixed/ld/mkar.c
--- dev86-0.16.17/ld/mkar.c 2004-06-20 09:23:27.000000000 +0200
+++ dev86-0.16.17.fixed/ld/mkar.c 2010-03-29 23:34:30.351426404 +0200
@@ -51,12 +51,12 @@ char buf[128];
memset(&arbuf, ' ', sizeof(arbuf));
strcpy(buf, ptr); strcat(buf, "/ ");
strncpy(arbuf.ar_name, buf, sizeof(arbuf.ar_name));
-
- sprintf(arbuf.ar_date, "%-12ld", (long)st.st_mtime);
- sprintf(arbuf.ar_uid, "%-6d", (int)(st.st_uid%1000000L));
- sprintf(arbuf.ar_gid, "%-6d", (int)(st.st_gid%1000000L));
- sprintf(arbuf.ar_mode, "%-8lo", (long)st.st_mode);
- sprintf(arbuf.ar_size, "%-10ld", (long)st.st_size);
+
+ snprintf(arbuf.ar_date, 12, "%-12ld", (long)st.st_mtime);
+ snprintf(arbuf.ar_uid, 6, "%-6d", (int)(st.st_uid%1000000L));
+ snprintf(arbuf.ar_gid, 6, "%-6d", (int)(st.st_gid%1000000L));
+ snprintf(arbuf.ar_mode, 8, "%-8lo", (long)st.st_mode);
+ snprintf(arbuf.ar_size, 10, "%-10ld", (long)st.st_size);
memcpy(arbuf.ar_fmag, ARFMAG, sizeof(arbuf.ar_fmag));
if( fwrite(&arbuf, 1, sizeof(arbuf), fd) != sizeof(arbuf) )
Index: dev86.spec
===================================================================
RCS file: /cvs/pkgs/rpms/dev86/F-13/dev86.spec,v
retrieving revision 1.32
retrieving revision 1.33
diff -u -p -r1.32 -r1.33
--- dev86.spec 24 Jul 2009 20:11:06 -0000 1.32
+++ dev86.spec 12 Jul 2010 07:28:30 -0000 1.33
@@ -1,7 +1,7 @@
Summary: A real mode 80x86 assembler and linker
Name: dev86
Version: 0.16.17
-Release: 15%{?dist}
+Release: 16%{?dist}
License: GPL+ and GPLv2+ and LGPLv2+
Group: Development/Languages
URL: http://homepage.ntlworld.com/robert.debath/
@@ -11,6 +11,7 @@ Patch1: dev86-64bit.patch
Patch2: dev86-nostrip.patch
Patch3: dev86-overflow.patch
Patch4: dev86-long.patch
+Patch5: dev86-print-overflow.patch
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Obsoletes: bin86
@@ -35,6 +36,7 @@ mode from their source code.
%patch2 -p1 -b .nostrip
%patch3 -p1 -b .overflow
%patch4 -p1 -b .long
+%patch5 -p1 -b .print-overflow
%build
# the main makefile doesn't allow parallel build
@@ -87,6 +89,9 @@ rm -rf ${RPM_BUILD_ROOT}
%{_mandir}/man1/*
%changelog
+* Mon Jul 12 2010 Jindrich Novy <jnovy at redhat.com> 0.16.17-16
+- fix sprintf overflows (#577982), patch from Lubomir Rintel
+
* Fri Jul 24 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.16.17-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
- Previous message: rpms/waf/F-13 .cvsignore, 1.22, 1.23 import.log, 1.17, 1.18 sources, 1.22, 1.23 waf.spec, 1.26, 1.27
- Next message: rpms/netpbm/devel netpbm-security-code.patch, 1.3, 1.4 netpbm.spec, 1.168, 1.169
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the scm-commits
mailing list