[chkrootkit/el6] update chkutmp-outofbounds patch ( grab the one from rawhide )

Tue Feb 25 15:55:26 UTC 2014

commit 53ca82f8963fcbafd8564a4ba606c485c5b28bf4
Author: Manuel Wolfshant <wolfy at fedoraproject.org>
Date:   Tue Feb 25 17:55:33 2014 +0200

    update chkutmp-outofbounds patch ( grab the one from rawhide )

 chkrootkit-0.49-chkutmp-outofbounds.patch |   70 +++++++++++++++++++++++++++--
 chkrootkit.spec                           |    5 ++-
 2 files changed, 70 insertions(+), 5 deletions(-)
---

diff --git a/chkrootkit-0.49-chkutmp-outofbounds.patch b/chkrootkit-0.49-chkutmp-outofbounds.patch
index 367ae26..ffb620a 100644
--- a/chkrootkit-0.49-chkutmp-outofbounds.patch
+++ b/chkrootkit-0.49-chkutmp-outofbounds.patch
@@ -1,12 +1,74 @@
---- chkutmp.c~	2009-07-22 08:09:41.000000000 -0500
-+++ chkutmp.c	2009-07-22 08:11:17.000000000 -0500
-@@ -60,3 +60,3 @@
+diff -Nur chkrootkit-0.49-orig/chkutmp.c chkrootkit-0.49/chkutmp.c
+--- chkrootkit-0.49-orig/chkutmp.c	2009-07-30 15:43:17.000000000 +0200
++++ chkrootkit-0.49/chkutmp.c	2010-10-14 22:31:16.000000000 +0200
+@@ -43,7 +43,6 @@
+ #endif
+ #include <ctype.h>
+ 
+-#define MAXREAD 1024
+ #define MAXBUF 4096
+ #define MAXLENGTH 256
+ #define UT_PIDSIZE 12
+@@ -58,13 +57,13 @@
+ #endif
+ 
+ struct ps_line {
 -    char ps_tty[UT_LINESIZE];
 -    char ps_user[UT_NAMESIZE];
 -    char ps_args[MAXLENGTH];
 +    char ps_tty[UT_LINESIZE+2];
 +    char ps_user[UT_NAMESIZE+2];
 +    char ps_args[MAXLENGTH+2];
-@@ -66 +66 @@
+     int ps_pid;
+ };
+ struct utmp_line {
 -    char ut_tty[UT_LINESIZE];
 +    char ut_tty[UT_LINESIZE+2];
+     int ut_pid;
+     int ut_type;
+ };
+@@ -78,7 +77,9 @@
+ int fetchps(struct ps_line *psl_p)
+ {
+     FILE *ps_fp;
+-    char line[MAXREAD + 1], pid[UT_PIDSIZE];
++    char *line = NULL;
++    size_t linelen = 0;
++    char pid[UT_PIDSIZE+2];
+     char *s, *d;
+     struct ps_line *curp = &psl_p[0];
+     struct ps_line *endp = &psl_p[MAXBUF-1];
+@@ -86,8 +87,8 @@
+ 
+     i = 0;
+     if ((ps_fp = (popen(cmd[PS_CMD], "r"))) != NULL) {
+-	fgets(line, MAXREAD, ps_fp);	/* skip header */
+-	while (fgets(line, MAXREAD, ps_fp)) {
++	getline(&line, &linelen, ps_fp);	/* skip header */
++	while (getline(&line, &linelen, ps_fp) != -1) {
+ 	    s = line;
+ 	    if (*s != '\?' && curp <= endp) {	/* only interested in lines that
+ 						 * have a tty */
+@@ -98,7 +99,7 @@
+ 		while (isspace(*s))	/* skip spaces */
+ 		    s++;
+ 		d = pid;
+-		for (x = 0; (!isspace(*s)) && (*d++ = *s++) && x <= UT_LINESIZE; x++)	/* grab pid */
++		for (x = 0; (!isspace(*s)) && (*d++ = *s++) && x <= UT_PIDSIZE; x++)	/* grab pid */
+ 		    ;
+ 		*d = '\0';
+ 		curp->ps_pid = atoi(pid);
+@@ -113,11 +114,13 @@
+ 		    s++;
+ 		for (x = 0; (*d++ = *s++) && x <= MAXLENGTH; x++)	/* cmd + args */
+ 		    ;
++		*d = '\0';
+ 		i++;
+ 		curp++;
+ 	    }
+ 	}
+ 	pclose(ps_fp);
++    free(line);
+     } else {
+ 	fprintf(stderr, "\nfailed running 'ps' !\n");
+ 	exit(EXIT_FAILURE);
diff --git a/chkrootkit.spec b/chkrootkit.spec
index 814e2a5..4294ad3 100644
--- a/chkrootkit.spec
+++ b/chkrootkit.spec
@@ -1,6 +1,6 @@
 Name:           chkrootkit
 Version:        0.49
-Release:        2%{?dist}
+Release:        3%{?dist}
 Summary:        Tool to locally check for signs of a rootkit
 Group:          Applications/System
 License:        BSD and GPLv2+ and Python
@@ -124,6 +124,9 @@ rm -rf ${RPM_BUILD_ROOT}
 
 
 %changelog
+* Tue Feb 25 2014 Manuel "lonely wolf" Wolfshant <wolfy at fedoraproject.org> - 0.49-3
+- update chkutmp-outofbounds.patch with the one from fedora. should fix #1069632
+
 * Fri Jul 02 2010 Manuel "lonely wolf" Wolfshant <wolfy at fedoraproject.org> - 0.49 -2
 - add BR for glibc-static, allowing to build in EL-6
  
