[expect] Use vsnprintf instead of vsprintf to avoid buffer overflow

vcrhonek vcrhonek at fedoraproject.org
Thu Dec 12 14:25:28 UTC 2013


commit 7005ff533001bbc0f5ffa73927d8e1dddb9f5f60
Author: Vitezslav Crhonek <vcrhonek at redhat.com>
Date:   Thu Dec 12 15:25:24 2013 +0100

    Use vsnprintf instead of vsprintf to avoid buffer overflow

 expect-5.45-exp-log-buf-overflow.patch |   39 ++++++++++++++++++++++++++++++++
 expect.spec                            |    9 ++++++-
 2 files changed, 47 insertions(+), 1 deletions(-)
---
diff --git a/expect-5.45-exp-log-buf-overflow.patch b/expect-5.45-exp-log-buf-overflow.patch
new file mode 100644
index 0000000..162db80
--- /dev/null
+++ b/expect-5.45-exp-log-buf-overflow.patch
@@ -0,0 +1,39 @@
+diff -up expect5.45/exp_log.c.orig expect5.45/exp_log.c
+--- expect5.45/exp_log.c.orig	2013-12-12 12:43:38.527854189 +0100
++++ expect5.45/exp_log.c	2013-12-12 12:49:26.866576387 +0100
+@@ -176,7 +176,7 @@ expStdoutLog TCL_VARARGS_DEF(int,arg1)
+ 
+     if ((!tsdPtr->logUser) && (!force_stdout) && (!tsdPtr->logAll)) return;
+ 
+-    (void) vsprintf(bigbuf,fmt,args);
++    (void) vsnprintf(bigbuf,sizeof(bigbuf),fmt,args);
+     expDiagWriteBytes(bigbuf,-1);
+     if (tsdPtr->logAll || (LOGUSER && tsdPtr->logChannel)) Tcl_WriteChars(tsdPtr->logChannel,bigbuf,-1);
+     if (LOGUSER) fprintf(stdout,"%s",bigbuf);
+@@ -222,7 +222,7 @@ expErrorLog TCL_VARARGS_DEF(char *,arg1)
+     va_list args;
+ 
+     fmt = TCL_VARARGS_START(char *,arg1,args);
+-    (void) vsprintf(bigbuf,fmt,args);
++    (void) vsnprintf(bigbuf,sizeof(bigbuf),fmt,args);
+ 
+     expDiagWriteChars(bigbuf,-1);
+     fprintf(stderr,"%s",bigbuf);
+@@ -264,7 +264,7 @@ expDiagLog TCL_VARARGS_DEF(char *,arg1)
+ 
+     fmt = TCL_VARARGS_START(char *,arg1,args);
+ 
+-    (void) vsprintf(bigbuf,fmt,args);
++    (void) vsnprintf(bigbuf,sizeof(bigbuf),fmt,args);
+ 
+     expDiagWriteBytes(bigbuf,-1);
+     if (tsdPtr->diagToStderr) {
+@@ -307,7 +307,7 @@ expPrintf TCL_VARARGS_DEF(char *,arg1)
+   int len, rc;
+ 
+   fmt = TCL_VARARGS_START(char *,arg1,args);
+-  len = vsprintf(bigbuf,arg1,args);
++  len = vsnprintf(bigbuf,sizeof(bigbuf),arg1,args);
+  retry:
+   rc = write(2,bigbuf,len);
+   if ((rc == -1) && (errno == EAGAIN)) goto retry;
diff --git a/expect.spec b/expect.spec
index 27e8d12..9183638 100644
--- a/expect.spec
+++ b/expect.spec
@@ -5,7 +5,7 @@
 Summary: A program-script interaction and testing utility
 Name: expect
 Version: %{majorver}
-Release: 12%{?dist}
+Release: 13%{?dist}
 License: Public Domain
 Group: Development/Languages
 # URL: probably more useful is http://sourceforge.net/projects/expect/
@@ -23,6 +23,8 @@ Patch2: expect-5.45-man-page.patch
 Patch3: expect-5.45-match-gt-numchars-segfault.patch
 # Patch4: fixes memory leak when using -re, http://sourceforge.net/p/expect/patches/13/
 Patch4: expect-5.45-re-memleak.patch
+# Patch5: use vsnprintf instead of vsprintf to avoid buffer overflow
+Patch5: expect-5.45-exp-log-buf-overflow.patch
 # examples patches
 # Patch100: changes random function
 Patch100: expect-5.32.2-random.patch
@@ -81,6 +83,7 @@ of expectk.
 %patch2 -p1 -b .man-page
 %patch3 -p1 -b .match-gt-numchars-segfault
 %patch4 -p1 -b .re-memleak
+%patch5 -p1 -b .exp-log-buf-overflow
 # examples fixes
 %patch100 -p1 -b .random
 %patch101 -p1 -b .mkpasswd-dash
@@ -170,6 +173,10 @@ rm -rf "$RPM_BUILD_ROOT"
 %{_mandir}/man1/tknewsbiff.1*
 
 %changelog
+* Thu Dec 12 2013 Vitezslav Crhonek <vcrhonek at redhat.com> - 5.45-13
+- Use vsnprintf instead of vsprintf to avoid buffer overflow
+  (it happens e.g. when running systemtap testsuite)
+
 * Wed Oct 02 2013 Vitezslav Crhonek <vcrhonek at redhat.com> - 5.45-12
 - Fix memory leak when using -re option
 


More information about the scm-commits mailing list