[dt] fix possible security problem with malformed message format

okozina okozina at fedoraproject.org
Wed Dec 4 13:51:54 UTC 2013


commit 16dffd455083b41c2d8431a29882927317a27919
Author: Ondrej Kozina <okozina at redhat.com>
Date:   Wed Dec 4 14:51:31 2013 +0100

    fix possible security problem with malformed message format

 dt-17.66-wformat-security.patch |   24 ++++++++++++++++++++++++
 dt.spec                         |    8 +++++++-
 2 files changed, 31 insertions(+), 1 deletions(-)
---
diff --git a/dt-17.66-wformat-security.patch b/dt-17.66-wformat-security.patch
new file mode 100644
index 0000000..6c8ae45
--- /dev/null
+++ b/dt-17.66-wformat-security.patch
@@ -0,0 +1,24 @@
+diff -rupN dt.d.old/dt.c dt.d/dt.c
+--- dt.d.old/dt.c	2012-06-22 21:05:40.000000000 +0200
++++ dt.d/dt.c	2013-12-04 14:36:12.913727265 +0100
+@@ -4507,7 +4507,7 @@ report_error(
+ 	    (void)sprintf(msg_buffer, "(%d): '%s', errno = %d - %s\n",
+ 			  process_id, error_info, errno, emsg);
+ 	}
+-	syslog(LOG_ERR, msg_buffer);
++	syslog(LOG_ERR, "%s", msg_buffer);
+     }
+ #endif /* defined(SYSLOG) */
+ 
+diff -rupN dt.d.old/dtutil.c dt.d/dtutil.c
+--- dt.d.old/dtutil.c	2012-06-06 19:20:23.000000000 +0200
++++ dt.d/dtutil.c	2013-12-04 14:36:36.729650286 +0100
+@@ -5322,7 +5322,7 @@ ReportDeviceInfo (
+   	    } else {
+                 bp += Sprintf(bp, "\n");
+             }
+-	    syslog(LOG_ERR, msg_buffer);
++	    syslog(LOG_ERR, "%s", msg_buffer);
+ 	}
+ #endif /* defined(SYSLOG) */
+ 
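Review bot: The `sprintf(msg_buffer, ...)` in the report_error context lines directly above the corrected `syslog()` call is still unbounded: `error_info` and `emsg` are expanded with `%s`, and nothing in the visible lines limits the result to the size of `msg_buffer`. The patch closes the format-string issue but leaves a possible overflow of the same buffer. If `msg_buffer` is declared as an array, the call could become `(void)snprintf(msg_buffer, sizeof(msg_buffer), "(%d): '%s', errno = %d - %s\n", process_id, error_info, errno, emsg);`. The `bp += Sprintf(bp, "\n");` accumulation in the ReportDeviceInfo hunk likewise shows no bound in the visible lines and is worth checking the same way. Both function bodies start and end outside the nested hunks, so the declaration and size of `msg_buffer` cannot be confirmed from here.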
diff --git a/dt.spec b/dt.spec
index c3379bb..53b804d 100644
--- a/dt.spec
+++ b/dt.spec
@@ -1,6 +1,6 @@
 Name:		dt
 Version:	17.66
-Release:	4%{?dist}
+Release:	5%{?dist}
 Summary:	Generic data test program
 Group:		Applications/System
 
@@ -10,6 +10,7 @@ URL:		http://www.scsifaq.org/RMiller_Tools/dt.html
 # kindly provided by author himself
 Source0: http://dl.dropbox.com/u/32363629/Datatest/dt-source-v%{version}.tar.gz
 Patch0: dt-17.66-manpage.patch
+Patch1: dt-17.66-wformat-security.patch
 
 %description
 dt is a generic data test program used to verify proper operation of
@@ -35,6 +36,7 @@ scripts and config data are installed in %{_datadir}/%{name}.
 %prep
 %setup -q -n dt.d
 %patch0 -p1
+%patch1 -p1
 
 %build
 make %{?_smp_mflags} CFLAGS="%{optflags} -DAIO -DFIFO -DMMAP -D__linux__ -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -DTHREADS" -f Makefile.linux
@@ -57,6 +59,10 @@ install -m644 html/* $RPM_BUILD_ROOT%{_defaultdocdir}/%{name}/html
 %{_mandir}/man8/%{name}.*.gz
 
 %changelog
+* Wed Dec 04 2013 Ondrej Kozina <okozina at redhat.com> - 17.66-5
+- fix possible security problem with malformed message format
+- Resolves: #1037043
+
 * Mon Aug 05 2013 Ondrej Kozina <okozina at redhat.com> - 17.66-4
 - remove version suffix from all install directives related to documentation (reflects recent change in %doc macro)
 

