[cvsps] - Patch to fix buffer overflow. - https://bugzilla.redhat.com/show_bug.cgi?id=576076

Jan Horak hhorak at fedoraproject.org
Mon Feb 14 09:52:09 UTC 2011


commit 1ee46df124d23ffd196d952aabb5aee00043039e
Author: Honza Horak <hhorak at redhat.com>
Date:   Mon Feb 14 10:51:53 2011 +0100

    - Patch to fix buffer overflow.
    - https://bugzilla.redhat.com/show_bug.cgi?id=576076

 cvsps-2.2b1-bufferoverflow.patch |   65 ++++++++++++++++++++++++++++++++++++++
 cvsps.spec                       |    8 ++++-
 2 files changed, 72 insertions(+), 1 deletions(-)
---
diff --git a/cvsps-2.2b1-bufferoverflow.patch b/cvsps-2.2b1-bufferoverflow.patch
new file mode 100644
index 0000000..2a82cd4
--- /dev/null
+++ b/cvsps-2.2b1-bufferoverflow.patch
@@ -0,0 +1,65 @@
+--- cvsps-2.2b1/cvsps.c	2010-09-07 18:13:42.760727491 +0200
++++ cvsps-2.2b1_/cvsps.c	2010-09-07 18:05:11.083729441 +0200
+@@ -1065,17 +1065,16 @@ static CvsFile * parse_file(const char *
+ {
+     CvsFile * retval;
+     char fn[PATH_MAX];
+-    int len = strlen(buff + 10);
++    size_t len = strlen(buff + 10);
+     char * p;
+ 
+     /* once a single file has been parsed ok we set this */
+     static int path_ok;
+-    
++
+     /* chop the ",v" string and the "LF" */
+     len -= 3;
+     memcpy(fn, buff + 10, len);
+     fn[len] = 0;
+-    
+     if (strncmp(fn, strip_path, strip_path_len) != 0)
+     {
+ 	/* if the very first file fails the strip path,
+@@ -1096,10 +1095,10 @@ static CvsFile * parse_file(const char *
+ 
+ 	    while ((p = strstr(p, repository_path)))
+ 		lastp = p++;
+-      
++
+ 	    if (lastp)
+ 	    {
+-		int len = strlen(repository_path);
++		size_t len = strlen(repository_path);
+ 		memcpy(strip_path, fn, lastp - fn + len + 1);
+ 		strip_path_len = lastp - fn + len + 1;
+ 		strip_path[strip_path_len] = 0;
+@@ -1114,16 +1113,26 @@ static CvsFile * parse_file(const char *
+ 	 *
+ 	 * For now just ignore such files
+ 	 */
+-	debug(DEBUG_APPMSG1, "WARNING: file %s doesn't match strip_path %s. ignoring", 
++	debug(DEBUG_APPMSG1, "WARNING: file %s doesn't match strip_path %s. ignoring",
+ 	      fn, strip_path);
+ 	return NULL;
+     }
+ 
+  ok:
+-    path_ok = 1;
+-
++     /*
++     fix for rhbz#576076
++     ./cvsps --norc -q --cvs-direct -u -A --root :pserver:anonymous at cvs-mirror.mozilla.org:/cvsroot NSS
++     */
++    if(len <= strip_path_len)
++    {
++        debug(DEBUG_APPMSG1, "WARNING: file %s doesn't match strip_path %s. ignoring",
++	      fn, strip_path);
++        return NULL;
++    }
+     /* remove from beginning the 'strip_path' string */
+     len -= strip_path_len;
++    path_ok = 1;
++
+     memmove(fn, fn + strip_path_len, len);
+     fn[len] = 0;
+ 
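Review bot: The first copy in parse_file, `memcpy(fn, buff + 10, len)` into `char fn[PATH_MAX]`, is still unbounded after this patch; the new `len <= strip_path_len` check only protects the later `memmove`. With `len` now a `size_t`, a line with fewer than three characters after the 10-byte prefix makes `len -= 3` wrap to a very large value rather than go negative. The reproducer in the comment runs against a remote pserver, so this line is presumably server-supplied, and I would reject it before the subtraction with `if (len < 3 || len - 3 >= sizeof(fn)) return NULL;`. The new comparison also mixes `size_t` with `strip_path_len`, which looks like an `int` declared outside the hunk, so it relies on that value never being negative. parse_file starts before and continues past the lines shown here.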
diff --git a/cvsps.spec b/cvsps.spec
index b8fff8f..45dc84a 100644
--- a/cvsps.spec
+++ b/cvsps.spec
@@ -2,7 +2,7 @@
 
 Name:           cvsps
 Version:        2.2
-Release:        0.7.%{prever}%{?dist}
+Release:        0.8.%{prever}%{?dist}
 Summary:        Patchset tool for CVS
 
 Group:          Development/Tools
@@ -12,6 +12,7 @@ Source0:        http://www.cobite.com/cvsps/%{name}-%{version}%{prever}.tar.gz
 # https://bugzilla.redhat.com/516083
 Patch0:         %{name}-2.2b1-dynamic-logbuf.patch
 Patch1:         %{name}-2.2b1-man.patch
+Patch2:         %{name}-2.2b1-bufferoverflow.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 BuildRequires:  zlib-devel
@@ -34,6 +35,7 @@ changes were committed 'atomically' to the repository.
 %setup -q -n %{name}-%{version}%{prever}
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1
 
 
 %build
@@ -57,6 +59,10 @@ rm -rf $RPM_BUILD_ROOT
 
 
 %changelog
+* Mon Feb 14 2011 Honza Horak <hhorak at redhat.com> - 2.2-0.8.b1
+- Patch to fix buffer overflow.
+- https://bugzilla.redhat.com/show_bug.cgi?id=576076
+
 * Tue Feb 08 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org>
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
 

