rpms/dev86/F-13 dev86-print-overflow.patch, NONE, 1.1 dev86.spec, 1.32, 1.33

Jindrich Novy jnovy at fedoraproject.org
Mon Jul 12 07:28:30 UTC 2010


Author: jnovy

Update of /cvs/pkgs/rpms/dev86/F-13
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv3703

Modified Files:
	dev86.spec 
Added Files:
	dev86-print-overflow.patch 
Log Message:
* Mon Jul 12 2010 Jindrich Novy <jnovy at redhat.com> 0.16.17-16
- fix sprintf overflows (#577982), patch from Lubomir Rintel


dev86-print-overflow.patch:
 mkar.c |   12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

--- NEW FILE dev86-print-overflow.patch ---
From: Lubomir Rintel <lkundrak at v3.sk>

There are off-by-one errors when filling the ar headers: the trailing NUL
would overflow the target buffer.

diff -urp dev86-0.16.17/ld/mkar.c dev86-0.16.17.fixed/ld/mkar.c
--- dev86-0.16.17/ld/mkar.c	2004-06-20 09:23:27.000000000 +0200
+++ dev86-0.16.17.fixed/ld/mkar.c	2010-03-29 23:34:30.351426404 +0200
@@ -51,12 +51,12 @@ char buf[128];
       memset(&arbuf, ' ', sizeof(arbuf));
       strcpy(buf, ptr); strcat(buf, "/                 ");
       strncpy(arbuf.ar_name, buf, sizeof(arbuf.ar_name));
-      
-      sprintf(arbuf.ar_date, "%-12ld", (long)st.st_mtime);
-      sprintf(arbuf.ar_uid, "%-6d",    (int)(st.st_uid%1000000L));
-      sprintf(arbuf.ar_gid, "%-6d",    (int)(st.st_gid%1000000L));
-      sprintf(arbuf.ar_mode, "%-8lo",  (long)st.st_mode);
-      sprintf(arbuf.ar_size, "%-10ld", (long)st.st_size);
+     
+      snprintf(arbuf.ar_date, 12, "%-12ld", (long)st.st_mtime);
+      snprintf(arbuf.ar_uid, 6, "%-6d", (int)(st.st_uid%1000000L));
+      snprintf(arbuf.ar_gid, 6, "%-6d", (int)(st.st_gid%1000000L));
+      snprintf(arbuf.ar_mode, 8, "%-8lo", (long)st.st_mode);
+      snprintf(arbuf.ar_size, 10, "%-10ld", (long)st.st_size);
       memcpy(arbuf.ar_fmag, ARFMAG, sizeof(arbuf.ar_fmag));
 
       if( fwrite(&arbuf, 1, sizeof(arbuf), fd) != sizeof(arbuf) )
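Review bot: The five added `snprintf` calls pass the full field width as the size, so each keeps only width-1 characters and writes its NUL into the last byte of the field: a uid or gid of 100000 or more is silently cut to five digits, a size of 1000000000 or more loses its last digit, and every numeric field ends in `\0` where the `memset` had left a space. The write into the neighbouring field is gone, but the header that reaches `fwrite` can now carry wrong ownership or size values, and readers that expect space padding may mis-parse it (not checked against any particular ar implementation). Formatting into the existing `buf` and copying exactly the field width avoids both, as in the excerpt below; the enclosing function starts and ends outside this hunk, so confirm there that `buf` is no longer needed after the `ar_name` copy. Separately, the context line `strcpy(buf, ptr)` copies a name of unchecked length into the 128-byte `buf`, which deserves a length check in a follow-up.

```c
      /* … unchanged: memset, ar_name fill … */
      snprintf(buf, sizeof(buf), "%-12ld", (long)st.st_mtime);
      memcpy(arbuf.ar_date, buf, sizeof(arbuf.ar_date));
      snprintf(buf, sizeof(buf), "%-6d", (int)(st.st_uid%1000000L));
      memcpy(arbuf.ar_uid, buf, sizeof(arbuf.ar_uid));
      snprintf(buf, sizeof(buf), "%-6d", (int)(st.st_gid%1000000L));
      memcpy(arbuf.ar_gid, buf, sizeof(arbuf.ar_gid));
      snprintf(buf, sizeof(buf), "%-8lo", (long)st.st_mode);
      memcpy(arbuf.ar_mode, buf, sizeof(arbuf.ar_mode));
      snprintf(buf, sizeof(buf), "%-10ld", (long)st.st_size);
      memcpy(arbuf.ar_size, buf, sizeof(arbuf.ar_size));
      /* … unchanged: ar_fmag copy, fwrite … */
```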


Index: dev86.spec
===================================================================
RCS file: /cvs/pkgs/rpms/dev86/F-13/dev86.spec,v
retrieving revision 1.32
retrieving revision 1.33
diff -u -p -r1.32 -r1.33
--- dev86.spec	24 Jul 2009 20:11:06 -0000	1.32
+++ dev86.spec	12 Jul 2010 07:28:30 -0000	1.33
@@ -1,7 +1,7 @@
 Summary: A real mode 80x86 assembler and linker
 Name: dev86
 Version: 0.16.17
-Release: 15%{?dist}
+Release: 16%{?dist}
 License: GPL+ and GPLv2+ and LGPLv2+
 Group: Development/Languages
 URL: http://homepage.ntlworld.com/robert.debath/
@@ -11,6 +11,7 @@ Patch1: dev86-64bit.patch
 Patch2: dev86-nostrip.patch
 Patch3: dev86-overflow.patch
 Patch4: dev86-long.patch
+Patch5: dev86-print-overflow.patch
 Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 Obsoletes: bin86
 
@@ -35,6 +36,7 @@ mode from their source code.
 %patch2 -p1 -b .nostrip
 %patch3 -p1 -b .overflow
 %patch4 -p1 -b .long
+%patch5 -p1 -b .print-overflow
 
 %build
 # the main makefile doesn't allow parallel build
@@ -87,6 +89,9 @@ rm -rf ${RPM_BUILD_ROOT}
 %{_mandir}/man1/*
 
 %changelog
+* Mon Jul 12 2010 Jindrich Novy <jnovy at redhat.com> 0.16.17-16
+- fix sprintf overflows (#577982), patch from Lubomir Rintel
+
 * Fri Jul 24 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.16.17-15
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
 


