[microcode_ctl] fix buffer overflow, bug 768803

Anton Arapov aarapov at fedoraproject.org
Thu Dec 22 13:00:17 UTC 2011


commit ae1d259eb6f032df2243894e9fdcc431ad910816
Author: Anton Arapov <anton at redhat.com>
Date:   Thu Dec 22 13:59:24 2011 +0100

    fix buffer overflow, bug 768803
    
    Signed-off-by: Anton Arapov <anton at redhat.com>

 microcode_ctl-1.17-getopt.patch |   23 +++++++++++++++++++++++
 microcode_ctl.spec              |    7 ++++++-
 2 files changed, 29 insertions(+), 1 deletions(-)
---
diff --git a/microcode_ctl-1.17-getopt.patch b/microcode_ctl-1.17-getopt.patch
new file mode 100644
index 0000000..ce5b295
--- /dev/null
+++ b/microcode_ctl-1.17-getopt.patch
@@ -0,0 +1,23 @@
+diff -up microcode_ctl-1.17/microcode_ctl.c.getopt microcode_ctl-1.17/microcode_ctl.c
+--- microcode_ctl-1.17/microcode_ctl.c.getopt	2011-12-22 13:15:55.073783568 +0100
++++ microcode_ctl-1.17/microcode_ctl.c	2011-12-22 13:14:22.000000000 +0100
+@@ -151,7 +151,8 @@ int main(int argc, char *argv[])
+ 				break;
+ 
+ 			case 'd':
+-				strcpy(device, optarg);
++				strncpy(device, optarg, sizeof(device));
++				device[sizeof(device)-1] = '\0'; /* ensure null terminated */
+ 				break;
+ 
+ 			case 'u': /* do a microcode upload */
+@@ -160,7 +161,8 @@ int main(int argc, char *argv[])
+ 
+ 			case 'f': /* set microcode file to optarg and upload */
+ 				upload++;
+-				strcpy(filename, optarg);
++				strncpy(filename, optarg, sizeof(filename));
++				filename[sizeof(filename)-1] = '\0'; /* ensure null terminated */
+ 				break;
+ 
+ 			case '?':
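Review bot: An over-long `-d` or `-f` argument is now silently truncated instead of rejected, so in both the `case 'd'` and `case 'f'` branches the program carries on with a device or microcode file path that differs from the one the caller supplied. For a tool normally run as root to upload microcode, failing closed is safer: test `if (strlen(optarg) >= sizeof(device))` (and likewise for `filename`) before copying, then print an error and exit non-zero rather than continuing. The bound is also only correct if `device` and `filename` are arrays and not pointers, since `sizeof` would otherwise give the pointer size. Their declarations and the rest of `main` lie outside these hunks, so that should be confirmed against the full file.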
diff --git a/microcode_ctl.spec b/microcode_ctl.spec
index 1321e73..d1b91b4 100644
--- a/microcode_ctl.spec
+++ b/microcode_ctl.spec
@@ -1,7 +1,7 @@
 Summary:        Tool to update x86/x86-64 CPU microcode.
 Name:           microcode_ctl
 Version:        1.17
-Release:        20%{?dist}
+Release:        21%{?dist}
 Epoch:          1
 Group:          System Environment/Base
 License:        GPLv2+ and Redistributable, no modification permitted
@@ -23,6 +23,7 @@ ExclusiveArch:  %{ix86} x86_64
 
 Patch1: microcode_ctl.patch
 Patch2: microcode_ctl-manpage-0.patch
+Patch3: microcode_ctl-1.17-getopt.patch
 
 %description
 microcode_ctl - updates the microcode on Intel and AMD x86/x86-64 CPU's
@@ -31,6 +32,7 @@ microcode_ctl - updates the microcode on Intel and AMD x86/x86-64 CPU's
 %setup -q
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1
 tar xf %{SOURCE3}
 
 %build
@@ -83,6 +85,9 @@ exit 0
 
 
 %changelog
+* Thu Dec 22 2011 Anton Arapov <anton at redhat.com> 1.17-21
+- Fix a segfault that may be triggered by very long parameter [#768803]
+
 * Tue Dec 13 2011 Anton Arapov <anton at redhat.com> 1.17-20
 - Update to microcode-20111110.dat
 

