[xdialog] Fix fprintf() of untrusted format string (#1037393)

konradm konradm at fedoraproject.org
Tue Dec 3 14:00:53 UTC 2013 

commit af9515d9f75d634b549b53668a65e1704a8b783a
Author: Conrad Meyer <cse.cem at gmail.com>
Date:   Tue Dec 3 09:00:40 2013 -0500

    Fix fprintf() of untrusted format string (#1037393)

 xdialog-2.3.1-secure-fprintf.diff |   25 +++++++++++++++++++++++++
 xdialog.spec                      |    8 +++++++-
 2 files changed, 32 insertions(+), 1 deletions(-)
---
diff --git a/xdialog-2.3.1-secure-fprintf.diff b/xdialog-2.3.1-secure-fprintf.diff
new file mode 100644
index 0000000..bc63ef3
--- /dev/null
+++ b/xdialog-2.3.1-secure-fprintf.diff
@@ -0,0 +1,25 @@
+--- src/main.c.orig	2006-08-13 14:22:58.000000000 -0400
++++ src/main.c	2013-12-03 08:56:48.341655122 -0500
+@@ -261,21 +261,21 @@
+ 	strcpy(cmd, strlen(name) < 32 ? name : XDIALOG);
+ 
+ 	strcpysafe(msg, HELP_TEXT1, HELP_MSG_SIZE);
+ 	strcatsafe(msg, cmd, HELP_MSG_SIZE);
+ 	strcatsafe(msg, HELP_TEXT2, HELP_MSG_SIZE);
+ #ifdef USE_SCANF
+ 	strcatsafe(msg, HELP_TEXT3, HELP_MSG_SIZE);
+ #endif
+ 
+ 	fprintf(stderr, "%s: %s !\n", cmd, errmsg);
+-	fprintf(stderr, msg);
++	fprintf(stderr, "%s", msg);
+ 
+ 	if (strlen(msg) == HELP_MSG_SIZE-1)
+ 		fprintf(stderr, "\n\nHelp message truncated, please re-compile "\
+ 				"after increasing HELP_MSG_SIZE in main.c !\n");
+ 
+ 	strcpysafe(Xdialog.title, "Usage for ", MAX_TITLE_LENGTH);
+ 	strcatsafe(Xdialog.title, cmd, MAX_TITLE_LENGTH);
+ 	Xdialog.cancel_button = Xdialog.help = Xdialog.icon = Xdialog.check = FALSE;
+ 	if (!Xdialog.print) {
+ 		Xdialog.print = TRUE;
diff --git a/xdialog.spec b/xdialog.spec
index bc49248..e9b1d1e 100644
--- a/xdialog.spec
+++ b/xdialog.spec
@@ -3,13 +3,15 @@
 Name: xdialog
 Summary: X11 drop in replacement for cdialog
 Version: 2.3.1
-Release: 11%{?dist}
+Release: 12%{?dist}
 License: GPL+
 Group: Applications/System
 URL: http://xdialog.free.fr
 
 Source0: http://xdialog.free.fr/%{real_name}-%{version}.tar.bz2
 Patch0: xdialog-2.3.1-nostrip.patch
+# RHBZ #1037393: Fixes a format string vulnerability (via argv[0])
+Patch1: xdialog-2.3.1-secure-fprintf.diff
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 BuildRequires: gtk+-devel >= 1.2.0
@@ -34,6 +36,7 @@ iconv -f latin1 -t utf8 ChangeLog > ChangeLog.utf8
 touch -c -r ChangeLog ChangeLog.utf8
 mv ChangeLog.utf8 ChangeLog
 %patch0 -p1 -b .nostrip
+%patch1 -p0 -b .fprintf
 touch -c -r configure.nostrip configure
 touch -c -r configure.in.nostrip configure.in
 
@@ -75,6 +78,9 @@ rm -rf %{buildroot}
 %exclude %{_docdir}/%{real_name}-%{version}
 
 %changelog
+* Tue Dec  3 2013 Conrad Meyer <cemeyer at uw.edu> - 2.3.1-12
+- Fix fprintf() of untrusted format string (#1037393)
+
 * Sun Aug 04 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.3.1-11
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild

More information about the scm-commits mailing list