[libytnef] 1.5-8

Wed Jul 4 16:52:15 UTC 2012

commit b6b5e1a8b75e617532098245dfbcda0bdba5038b
Author: Andreas Bierfert <andreas.bierfert at lowlatency.de>
Date:   Wed Jul 4 18:52:12 2012 +0200

    1.5-8
    
    - fix potential buffer overflow (rhbz#831322)

 libytnef-bufferoverflow.patch |   30 ++++++++++++++++++++++++++++++
 libytnef.spec                 |   11 +++++++++--
 2 files changed, 39 insertions(+), 2 deletions(-)
---

diff --git a/libytnef-bufferoverflow.patch b/libytnef-bufferoverflow.patch
new file mode 100644
index 0000000..4498729
--- /dev/null
+++ b/libytnef-bufferoverflow.patch
@@ -0,0 +1,30 @@
+From 492f2ea1326d7825943f48aff31ed0ddc89fd2b7 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar at redhat.com>
+Date: Wed, 4 Jul 2012 17:04:44 +0200
+Subject: [PATCH] Fix off-by-one error when copying RTF header
+
+The RTF header (RTF_PREBUF) string is copied to temporary buffer. The
+terminating '\0' is never accessed, so it's not needed and cannot be
+written after the allocated buffer.
+
+<http://sourceforge.net/tracker/?func=detail&aid=2949686&group_id=70352&atid=527487>
+<https://bugzilla.redhat.com/show_bug.cgi?id=831322>
+---
+ ytnef.c |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/ytnef.c b/ytnef.c
+index 482ecdc..970c048 100644
+--- a/ytnef.c
++++ b/ytnef.c
+@@ -1328,7 +1328,7 @@ unsigned char *DecompressRTF(variableLength *p, int *size) {
+ 
+     comp_Prebuf.size = strlen(RTF_PREBUF);
+     comp_Prebuf.data = calloc(comp_Prebuf.size, 1);
+-    strcpy(comp_Prebuf.data, RTF_PREBUF);
++    memcpy(comp_Prebuf.data, RTF_PREBUF, comp_Prebuf.size);
+ 
+     src = p->data;
+     in = 0;
+-- 
+1.7.7.6
diff --git a/libytnef.spec b/libytnef.spec
index 92bddba..e7ef717 100644
--- a/libytnef.spec
+++ b/libytnef.spec
@@ -1,12 +1,15 @@
 Name:           libytnef
 Version:        1.5
-Release:        7%{?dist}
+Release:        8%{?dist}
 Summary:        TNEF Stream Parser Library
 
 Group:          System Environment/Libraries
 License:        GPL+
 URL:            http://ytnef.sf.net
 Source0:        http://dl.sf.net/ytnef/libytnef-1.5.tar.bz
+# fixes potential bufferoverflow
+# rhbz#831322
+Patch0:         libytnef-bufferoverflow.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 
@@ -27,7 +30,7 @@ developing applications that use %{name}.
 
 %prep
 %setup -q
-
+%patch0 -p1 -b.bufferoverflow
 
 %build
 %configure --disable-static
@@ -61,6 +64,10 @@ rm -rf $RPM_BUILD_ROOT
 
 
 %changelog
+* Wed Jul 04 2012 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de>
+- 1.5-8
+- fix potential buffer overflow (rhbz#831322)
+
 * Fri Jan 13 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.5-7
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
 
