[symlinks] Applied patches from Jiri Popelka: Fix off-by-one error in call to readlink. Fix possible buffer ove
Tim Waugh
twaugh at fedoraproject.org
Fri May 20 14:34:14 UTC 2011
commit e7fa1c3d9153eac7808153c1c36b6cadd141c62b
Author: Tim Waugh <twaugh at redhat.com>
Date: Fri May 20 15:33:52 2011 +0100
Applied patches from Jiri Popelka:
Fix off-by-one error in call to readlink.
Fix possible buffer overrun found by coverity.
symlinks-coverity-overrun-dynamic.patch | 12 ++++++++++++
symlinks-coverity-readlink.patch | 12 ++++++++++++
symlinks.spec | 15 ++++++++++++++-
3 files changed, 38 insertions(+), 1 deletions(-)
---
diff --git a/symlinks-coverity-overrun-dynamic.patch b/symlinks-coverity-overrun-dynamic.patch
new file mode 100644
index 0000000..e5f0b49
--- /dev/null
+++ b/symlinks-coverity-overrun-dynamic.patch
@@ -0,0 +1,12 @@
+diff -up symlinks-1.4/symlinks.c.coverity-overrun-dynamic symlinks-1.4/symlinks.c
+--- symlinks-1.4/symlinks.c.coverity-overrun-dynamic 2011-05-20 14:10:25.682843723 +0100
++++ symlinks-1.4/symlinks.c 2011-05-20 14:11:15.792920839 +0100
+@@ -44,7 +44,7 @@ static int substr (char *s, char *old, c
+ newlen = strlen(new);
+
+ if (newlen > oldlen) {
+- if ((tmp = malloc(strlen(s))) == NULL) {
++ if ((tmp = malloc(strlen(s)+1)) == NULL) {
+ fprintf(stderr, "no memory\n");
+ exit (1);
+ }
diff --git a/symlinks-coverity-readlink.patch b/symlinks-coverity-readlink.patch
new file mode 100644
index 0000000..ce28ff8
--- /dev/null
+++ b/symlinks-coverity-readlink.patch
@@ -0,0 +1,12 @@
+diff -up symlinks-1.4/symlinks.c.coverity-readlink symlinks-1.4/symlinks.c
+--- symlinks-1.4/symlinks.c.coverity-readlink 2009-10-09 15:03:55.000000000 +0100
++++ symlinks-1.4/symlinks.c 2011-05-20 14:10:25.682843723 +0100
+@@ -160,7 +160,7 @@ static void fix_symlink (char *path, dev
+ struct stat stbuf, lstbuf;
+ int c, fix_abs = 0, fix_messy = 0, fix_long = 0;
+
+- if ((c = readlink(path, lpath, sizeof(lpath))) == -1) {
++ if ((c = readlink(path, lpath, sizeof(lpath)-1)) == -1) {
+ perror(path);
+ return;
+ }
diff --git a/symlinks.spec b/symlinks.spec
index 97d3d14..4b30626 100644
--- a/symlinks.spec
+++ b/symlinks.spec
@@ -2,12 +2,14 @@ Summary: A utility which maintains a system's symbolic links
Name: symlinks
URL: ftp://metalab.unc.edu/pub/Linux/utils/file/
Version: 1.4
-Release: 3%{?dist}
+Release: 4%{?dist}
Group: Applications/System
License: Copyright only
Source0: http://ibiblio.org/pub/Linux/utils/file/%{name}-%{version}.tar.gz
# Taken from http://packages.debian.org/changelogs/pool/main/s/symlinks/symlinks_1.2-4.2/symlinks.copyright
Source1: symlinks-LICENSE.txt
+Patch1: symlinks-coverity-readlink.patch
+Patch2: symlinks-coverity-overrun-dynamic.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
%description
@@ -23,6 +25,12 @@ symlinks on your system.
%setup -q
cp %{SOURCE1} .
+# Fix off-by-one error in call to readlink.
+%patch1 -p1 -b .coverity-readlink
+
+# Fix possible buffer overrun found by coverity.
+%patch2 -p1 -b .coverity-overrun-dynamic
+
%build
make CFLAGS="$RPM_OPT_FLAGS $(getconf LFS_CFLAGS)" %{?_smp_mflags}
@@ -43,6 +51,11 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man8/symlinks.8*
%changelog
+* Fri May 20 2011 Tim Waugh <twaugh at redhat.com> 1.4-4
+- Applied patches from Jiri Popelka:
+ - Fix off-by-one error in call to readlink.
+ - Fix possible buffer overrun found by coverity.
+
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
More information about the scm-commits
mailing list