[psfex] Fix formar security bug (bz #1037258)

Sergio Pascual sergiopr at fedoraproject.org
Thu Dec 5 11:18:42 UTC 2013 

commit ad659b967fc60292a1a5f34df4798f684cfb7be0
Author: Sergio Pascual <sergiopr at fis.ucm.es>
Date:   Thu Dec 5 12:18:34 2013 +0100

    Fix formar security bug (bz #1037258)
    
    - Spec cleanups

 psfex-format-sec.patch |   65 ++++++++++++++++++++++++++++++++++++++++++++++++
 psfex.spec             |   12 +++++---
 2 files changed, 72 insertions(+), 5 deletions(-)
---
diff --git a/psfex-format-sec.patch b/psfex-format-sec.patch
new file mode 100644
index 0000000..465861d
--- /dev/null
+++ b/psfex-format-sec.patch
@@ -0,0 +1,65 @@
+diff -ur psfex-3.9.1/src/field.c psfex-3.9.1.format/src/field.c
+--- psfex-3.9.1/src/field.c	2010-11-03 23:08:09.000000000 +0100
++++ psfex-3.9.1.format/src/field.c	2013-12-05 11:51:29.426512559 +0100
+@@ -394,7 +394,7 @@
+ 
+   cat = new_cat(1);
+   init_cat(cat);
+-  sprintf(cat->filename, filename);
++  sprintf(cat->filename, "%s", filename);
+   if (open_cat(cat, WRITE_ONLY) != RETURN_OK)
+     error(EXIT_FAILURE, "*Error*: cannot open for writing ", cat->filename);
+ /* Write primary HDU */
+diff -ur psfex-3.9.1/src/xml.c psfex-3.9.1.format/src/xml.c
+--- psfex-3.9.1/src/xml.c	2010-10-25 20:00:03.000000000 +0200
++++ psfex-3.9.1.format/src/xml.c	2013-12-05 11:56:57.887051460 +0100
+@@ -1201,7 +1201,7 @@
+ 		name, ucd);
+       break;
+     case P_STRING:
+-      sprintf(value, (char *)key[i].ptr);
++      sprintf(value, "%s", (char *)key[i].ptr);
+       fprintf(file, "   <PARAM name=\"%s\" datatype=\"char\" arraysize=\"*\""
+ 	" ucd=\"%s\" value=\"%s\"/>\n",
+ 	name, ucd, value);
+@@ -1210,13 +1210,13 @@
+       n = *(key[i].nlistptr);
+       if (n)
+         {
+-        sprintf(value, ((char **)key[i].ptr)[0]);
++        sprintf(value, "%s", ((char **)key[i].ptr)[0]);
+         fprintf(file, "   <PARAM name=\"%s\" datatype=\"char\""
+ 		" arraysize=\"*\" ucd=\"%s\" value=\"%s",
+ 		name, ucd, value);
+         for (j=1; j<n; j++)
+           {
+-          sprintf(value, ((char **)key[i].ptr)[j]);
++          sprintf(value, "%s", ((char **)key[i].ptr)[j]);
+           fprintf(file, ",%s", value);
+           }
+         fprintf(file, "\"/>\n");
+@@ -1227,7 +1227,7 @@
+ 		name, ucd);
+       break;
+     case P_KEY:
+-      sprintf(value, key[i].keylist[*((int *)key[i].ptr)]);
++      sprintf(value, "%s", key[i].keylist[*((int *)key[i].ptr)]);
+       fprintf(file, "   <PARAM name=\"%s\" datatype=\"char\" arraysize=\"*\""
+ 	" ucd=\"%s\" value=\"%s\"/>\n",
+ 	name, ucd, value);
+@@ -1236,13 +1236,13 @@
+       n = *(key[i].nlistptr);
+       if (n)
+         {
+-        sprintf(value, key[i].keylist[((int *)key[i].ptr)[0]]);
++        sprintf(value, "%s", key[i].keylist[((int *)key[i].ptr)[0]]);
+         fprintf(file, "   <PARAM name=\"%s\" datatype=\"char\""
+ 		" arraysize=\"*\" ucd=\"%s\" value=\"%s",
+ 		name, ucd, value);
+         for (j=1; j<n; j++)
+           {
+-          sprintf(value, key[i].keylist[((int *)key[i].ptr)[j]]);
++          sprintf(value, "%s", key[i].keylist[((int *)key[i].ptr)[j]]);
+           fprintf(file, ",%s", value);
+           }
+         fprintf(file, "\"/>\n");
diff --git a/psfex.spec b/psfex.spec
index b7f64d2..32da160 100644
--- a/psfex.spec
+++ b/psfex.spec
@@ -1,6 +1,6 @@
 Name: psfex
 Version: 3.9.1
-Release: 9%{?dist}
+Release: 10%{?dist}
 Summary: Model the Point Spread Function from FITS images
 
 Group: Applications/Engineering
@@ -9,6 +9,7 @@ URL: http://astromatic.iap.fr/software/%{name}
 Source0: http://www.astromatic.net/download/%{name}/%{name}-%{version}.tar.gz
 # Change plcol() to plcol0()
 Patch0: psfex-plplot.patch
+Patch1: psfex-format-sec.patch
 BuildRequires: fftw-devel >= 3.1
 BuildRequires: atlas-devel >= 3.6.0
 BuildRequires: plplot-devel >= 5.3.1
@@ -22,6 +23,7 @@ morphological analyses.
 %prep
 %setup -q
 %patch0 -p1 -b .plplot
+%patch1 -p1 
 %if 0%{?fedora} >= 21
 # New atlas libs
 sed -i -e '/LIBS*=.*atlas/s,=.*,="-L%{_libdir}/atlas -lsatlas",' configure
@@ -35,11 +37,7 @@ make %{?_smp_mflags}
 rm -rf %{buildroot}
 make DESTDIR=%{buildroot} install
 
-%clean
-rm -rf %{buildroot}
-
 %files
-%defattr(-,root,root,-)
 %doc AUTHORS COPYRIGHT HISTORY LICENSE README THANKS doc/psfex.pdf
 %{_bindir}/%{name}
 %{_mandir}/man1/%{name}.1*
@@ -47,6 +45,10 @@ rm -rf %{buildroot}
 %{_datadir}/%{name}/
 
 %changelog
+* Thu Dec 05 2013 Sergio Pascual <sergiopr at fedoraproject.org> - 3.9.1-10
+- Fix formar security bug (bz #1037258)
+- Spec cleanups
+
 * Wed Oct 2 2013 Orion Poplawski <orion at cora.nwra.com> - 3.9.1-9
 - Rebuild for plplot 5.9.10
 - Patch configure for atlas 3.10 library names

More information about the scm-commits mailing list