[iniparser] Fix possible crash with crafted ini files.
asn
asn at fedoraproject.org
Fri Jan 10 10:21:27 UTC 2014
commit 52abde27e6b50e0a4f3aa19a242268f12da36e84
Author: Andreas Schneider <asn at cryptomilk.org>
Date: Fri Jan 10 11:10:51 2014 +0100
Fix possible crash with crafted ini files.
resolves: #1031119
...rser-3.1-Fix-crash-with-crafted-ini-files.patch | 40 ++++++++++++++++++++
iniparser-3.1-fix_long_line_crash.patch | 22 +++++++++++
iniparser.spec | 7 +++-
3 files changed, 68 insertions(+), 1 deletions(-)
---
diff --git a/iniparser-3.1-Fix-crash-with-crafted-ini-files.patch b/iniparser-3.1-Fix-crash-with-crafted-ini-files.patch
new file mode 100644
index 0000000..8af9500
--- /dev/null
+++ b/iniparser-3.1-Fix-crash-with-crafted-ini-files.patch
@@ -0,0 +1,40 @@
+From 654ea5fae25f0863d958e3ecd0bc0672603e0b4c Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn at samba.org>
+Date: Fri, 10 Jan 2014 11:15:43 +0100
+Subject: [PATCH] Fix crash with crafted ini files.
+
+If the key or value is bigger than 1024 we will end up in a buffer
+overflow. The overflow is caught by _FORTIFY_SOURCE, so it's definitely
+DoS-only. Curiously, because of ample space in the stack frame, it does
+not result in a crash without _FORTIFY_SOURCE in all cases.
+
+Signed-off-by: Andreas Schneider <asn at samba.org>
+---
+ src/iniparser.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/iniparser.c b/src/iniparser.c
+index 4430032..18dbbbe 100644
+--- a/src/iniparser.c
++++ b/src/iniparser.c
+@@ -633,7 +633,7 @@ dictionary * iniparser_load(const char * ininame)
+ char line [ASCIILINESZ+1] ;
+ char section [ASCIILINESZ+1] ;
+ char key [ASCIILINESZ+1] ;
+- char tmp [ASCIILINESZ+1] ;
++ char tmp [(ASCIILINESZ * 2) + 1] ;
+ char val [ASCIILINESZ+1] ;
+
+ int last=0 ;
+@@ -699,7 +699,7 @@ dictionary * iniparser_load(const char * ininame)
+ break ;
+
+ case LINE_VALUE:
+- sprintf(tmp, "%s:%s", section, key);
++ snprintf(tmp, sizeof(tmp), "%s:%s", section, key);
+ errs = dictionary_set(dict, tmp, val) ;
+ break ;
+
+--
+1.8.4.2
+
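Review bot: the snprintf() call in the LINE_VALUE case discards its return value, so an over-long "section:key" is now silently truncated and dictionary_set() stores val under a shortened name instead of the line being rejected. Suggest capturing the result and treating a value >= sizeof(tmp) as an error for that line, for example by setting errs. Going by the declarations alone, section and key can each hold ASCIILINESZ characters, so with the ':' separator and the terminating NUL the worst case needs (ASCIILINESZ * 2) + 2 bytes, and tmp as declared is one byte short of that. The commit message also mentions an over-long value, but neither inner hunk touches val, so the message should say why val needs no change.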
diff --git a/iniparser-3.1-fix_long_line_crash.patch b/iniparser-3.1-fix_long_line_crash.patch
new file mode 100644
index 0000000..e0e4c8f
--- /dev/null
+++ b/iniparser-3.1-fix_long_line_crash.patch
@@ -0,0 +1,22 @@
+Index: iniparser/src/iniparser.c
+===================================================================
+--- iniparser.orig/src/iniparser.c
++++ iniparser/src/iniparser.c
+@@ -633,7 +633,7 @@ dictionary * iniparser_load(const char *
+ char line [ASCIILINESZ+1] ;
+ char section [ASCIILINESZ+1] ;
+ char key [ASCIILINESZ+1] ;
+- char tmp [ASCIILINESZ+1] ;
++ char tmp [(ASCIILINESZ * 2) + 1] ;
+ char val [ASCIILINESZ+1] ;
+
+ int last=0 ;
+@@ -699,7 +699,7 @@ dictionary * iniparser_load(const char *
+ break ;
+
+ case LINE_VALUE:
+- sprintf(tmp, "%s:%s", section, key);
++ snprintf(tmp, sizeof(tmp), "%s:%s", section, key);
+ errs = dictionary_set(dict, tmp, val) ;
+ break ;
+
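Review bot: nothing in this commit references iniparser-3.1-fix_long_line_crash.patch. The spec change adds only "Patch0: iniparser-3.1-Fix-crash-with-crafted-ini-files.patch" and the matching %patch0 line, and this file repeats the same two changes (the tmp declaration and the sprintf to snprintf replacement). Suggest dropping this file from the commit, or stating in the commit message why an unapplied copy is kept.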
diff --git a/iniparser.spec b/iniparser.spec
index b9a8a36..cf8ee5e 100644
--- a/iniparser.spec
+++ b/iniparser.spec
@@ -3,13 +3,14 @@
Name: iniparser
Version: 3.1
-Release: 3%{?dist}
+Release: 4%{?dist}
Summary: C library for parsing "INI-style" files
Group: System Environment/Libraries
License: MIT
URL: http://ndevilla.free.fr/%{name}/
Source0: http://ndevilla.free.fr/%{name}/%{name}-%{version}.tar.gz
+Patch0: iniparser-3.1-Fix-crash-with-crafted-ini-files.patch
%description
iniParser is an ANSI C library to parse "INI-style" files, often used to
@@ -27,6 +28,7 @@ you will need to install %{name}-devel.
%prep
%setup -q -n %{name}
+%patch0 -p1 -b .iniparser-3.1-Fix-crash-with-crafted-ini-files.patch
%build
# remove library rpath from Makefile
@@ -64,6 +66,9 @@ make check
%{_includedir}/*.h
%changelog
+* Fri Jan 10 2014 - Andreas Schneider <asn at redhat.com> - 3.1-4
+- resolves: #1031119 - Fix possible crash with crafted ini files.
+
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
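Review bot: the new %changelog header has an extra " - " between the date and the packager name ("* Fri Jan 10 2014 - Andreas Schneider"), while the existing entry directly below it ("* Sat Aug 03 2013 Fedora Release Engineering ... - 3.1-3") has no separator there. Suggest dropping the first dash so the new entry matches the existing format.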