[libytnef] 1.5-8
Andreas Bierfert
awjb at fedoraproject.org
Wed Jul 4 16:52:15 UTC 2012
commit b6b5e1a8b75e617532098245dfbcda0bdba5038b
Author: Andreas Bierfert <andreas.bierfert at lowlatency.de>
Date: Wed Jul 4 18:52:12 2012 +0200
1.5-8
- fix potential buffer overflow (rhbz#831322)
libytnef-bufferoverflow.patch | 30 ++++++++++++++++++++++++++++++
libytnef.spec | 11 +++++++++--
2 files changed, 39 insertions(+), 2 deletions(-)
---
diff --git a/libytnef-bufferoverflow.patch b/libytnef-bufferoverflow.patch
new file mode 100644
index 0000000..4498729
--- /dev/null
+++ b/libytnef-bufferoverflow.patch
@@ -0,0 +1,30 @@
+From 492f2ea1326d7825943f48aff31ed0ddc89fd2b7 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar at redhat.com>
+Date: Wed, 4 Jul 2012 17:04:44 +0200
+Subject: [PATCH] Fix off-by-one error when copying RTF header
+
+The RTF header (RTF_PREBUF) string is copied to temporary buffer. The
+terminating '\0' is never accessed, so it's not needed and cannot be
+written after the allocated buffer.
+
+<http://sourceforge.net/tracker/?func=detail&aid=2949686&group_id=70352&atid=527487>
+<https://bugzilla.redhat.com/show_bug.cgi?id=831322>
+---
+ ytnef.c | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/ytnef.c b/ytnef.c
+index 482ecdc..970c048 100644
+--- a/ytnef.c
++++ b/ytnef.c
+@@ -1328,7 +1328,7 @@ unsigned char *DecompressRTF(variableLength *p, int *size) {
+
+ comp_Prebuf.size = strlen(RTF_PREBUF);
+ comp_Prebuf.data = calloc(comp_Prebuf.size, 1);
+- strcpy(comp_Prebuf.data, RTF_PREBUF);
++ memcpy(comp_Prebuf.data, RTF_PREBUF, comp_Prebuf.size);
+
+ src = p->data;
+ in = 0;
+--
+1.7.7.6
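Review bot: the `calloc` result in `DecompressRTF` is still unchecked when the new `memcpy(comp_Prebuf.data, RTF_PREBUF, comp_Prebuf.size);` line writes through it, so an allocation failure turns into a NULL-pointer write; add a NULL check before the copy and return an error from the function. Because `comp_Prebuf.data` now holds exactly `strlen(RTF_PREBUF)` bytes with no terminator, a short code comment at the allocation saying the buffer is length-delimited and must not be passed to `str*` functions would help keep a later change from reintroducing the off-by-one.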
diff --git a/libytnef.spec b/libytnef.spec
index 92bddba..e7ef717 100644
--- a/libytnef.spec
+++ b/libytnef.spec
@@ -1,12 +1,15 @@
Name: libytnef
Version: 1.5
-Release: 7%{?dist}
+Release: 8%{?dist}
Summary: TNEF Stream Parser Library
Group: System Environment/Libraries
License: GPL+
URL: http://ytnef.sf.net
Source0: http://dl.sf.net/ytnef/libytnef-1.5.tar.bz
+# fixes potential bufferoverflow
+# rhbz#831322
+Patch0: libytnef-bufferoverflow.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
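Review bot: the comment above `Patch0:` records only the Red Hat bug number; it should also carry the upstream SourceForge tracker link that the patch header already cites, and state whether the fix has been submitted upstream, so the patch can be dropped cleanly on the next rebase.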
@@ -27,7 +30,7 @@ developing applications that use %{name}.
%prep
%setup -q
-
+%patch0 -p1 -b.bufferoverflow
%build
%configure --disable-static
@@ -61,6 +64,10 @@ rm -rf $RPM_BUILD_ROOT
%changelog
+* Wed Jul 04 2012 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de>
+- 1.5-8
+- fix potential buffer overflow (rhbz#831322)
+
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.5-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
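Review bot: the new `%changelog` entry puts the version-release on its own `- 1.5-8` line, while the entry directly below it carries `- 1.5-7` at the end of the `*` header line; move `1.5-8` onto the header line so the two entries use the same format and anything that reads the version from the header line still finds it.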