[ganglia] Fix buffer overflow in moddisk.so #689483

georgiou georgiou at fedoraproject.org
Tue Jun 14 16:47:47 UTC 2011 

commit 4d185009c607af7343273a6da4fa291a621af941
Author: Kostas Georgiou <georgiou at opengamma.com>
Date:   Tue Jun 14 15:36:33 2011 +0100

    Fix buffer overflow in moddisk.so #689483

 diskmetrics.patch |   12 ++++++++++++
 ganglia.spec      |    7 ++++++-
 2 files changed, 18 insertions(+), 1 deletions(-)
---
diff --git a/diskmetrics.patch b/diskmetrics.patch
new file mode 100644
index 0000000..51af49a
--- /dev/null
+++ b/diskmetrics.patch
@@ -0,0 +1,12 @@
+diff -u a/libmetrics/linux/metrics.c-orig b/libmetrics/linux/metrics.c
+--- a/libmetrics/linux/metrics.c	2011-06-13 16:39:19.279753448 +0100
++++ b/libmetrics/linux/metrics.c	2011-06-13 16:46:36.936156216 +0100
+@@ -1242,7 +1242,7 @@
+       return max;
+    }
+    while ( fgets(procline, sizeof(procline), mounts) ) {
+-      rc=sscanf(procline, "%s %s %s %s ", device, mount, type, mode);
++      rc=sscanf(procline, "%127s %127s %31s %127s ", device, mount, type, mode);
+       if (!rc) continue;
+       if (!strncmp(mode, "ro", 2)) continue;
+       if (remote_mount(device, type)) continue;
diff --git a/ganglia.spec b/ganglia.spec
index 2f3b4e4..7cf57ff 100644
--- a/ganglia.spec
+++ b/ganglia.spec
@@ -1,6 +1,6 @@
 Name:               ganglia
 Version:            3.1.7
-Release:            3%{?svnrev:.r%{svnrev}}%{?dist}
+Release:            4%{?svnrev:.r%{svnrev}}%{?dist}
 Summary:            Ganglia Distributed Monitoring System
 
 Group:              Applications/Internet
@@ -10,6 +10,7 @@ Source0:            http://dl.sourceforge.net/sourceforge/%{name}/%{name}-%{vers
 #Source0:            http://www.ganglia.info/snapshots/3.1.x/%{name}-%{version}.%{svnrev}.tar.gz
 Patch0:             diskusage-pcre.patch
 Patch1:             setuserid-fix.patch
+Patch2:             diskmetrics.patch
 Buildroot:          %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 BuildRequires:      rrdtool-devel, apr-devel >= 1
@@ -92,6 +93,7 @@ programmers can use to build scalable cluster or grid applications
 %setup -q -n %{name}-%{version}%{?svnrev:.%{svnrev}}
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1
 ## Hey, those shouldn't be executable...
 chmod -x lib/*.{h,x}
 
@@ -277,6 +279,9 @@ fi
 %{_datadir}/%{name}
 
 %changelog
+* Tue Feb 08 2011 Kostas Georgiou <georgiou at fedoraproject.org> - 3.1.7-4
+- Fix buffer overflow in moddisk.so #689483
+
 * Tue Feb 08 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.1.7-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

More information about the scm-commits mailing list