OpenPKG CVS Repository
  http://cvs.openpkg.org/
  ____________________________________________________________________________

  Server: cvs.openpkg.org                  Name:   Thomas Lotterer
  Root:   /e/openpkg/cvs                   Email:  [EMAIL PROTECTED]
  Module: openpkg-src                      Date:   13-Apr-2004 09:53:33
  Branch: HEAD                             Handle: 2004041308533200

  Modified files:
    openpkg-src/sharutils   sharutils.patch sharutils.spec

  Log:
    GNU Sharutils buffer overflow vulnerability - improved patch

  Summary:
    Revision    Changes     Path
    1.3         +53 -0      openpkg-src/sharutils/sharutils.patch
    1.27        +1  -1      openpkg-src/sharutils/sharutils.spec
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: openpkg-src/sharutils/sharutils.patch
  ============================================================================
  $ cvs diff -u -r1.2 -r1.3 sharutils.patch
  --- openpkg-src/sharutils/sharutils.patch     13 Apr 2004 07:48:56 -0000      1.2
  +++ openpkg-src/sharutils/sharutils.patch     13 Apr 2004 07:53:32 -0000      1.3
  @@ -1,3 +1,56 @@
   http://www.securityfocus.com/archive/1/359639
   GNU Sharutils buffer overflow vulnerability
   
  +http://marc.theaimsgroup.com/?l=bugtraq&m=108164583423126
  +http://marc.theaimsgroup.com/?l=bugtraq&m=108164583423126&q=p3
  +GNU Sharutils buffer overflow vulnerability - improved patch
  +
  +--- src/shar.orig.c  2004-04-07 16:18:23.000000000 +0100
  ++++ src/shar.c       2004-04-07 16:39:04.000000000 +0100
  +@@ -212,10 +212,10 @@
  + static long first_file_position;
  + 
  + /* Base for output filename.  FIXME: No fix limit in GNU... */
  +-static char output_base_name[50];
  ++static char output_base_name[512];
  + 
  + /* Actual output filename.  FIXME: No fix limit in GNU... */
  +-static char output_filename[50];
  ++static char output_filename[512];
  + 
  + static char *submitter_address = NULL;
  + 
  +@@ -1905,9 +1905,29 @@
  +     break;
  + 
  +       case 'o':
  +-    strcpy (output_base_name, optarg);
  +-    if (!strchr (output_base_name, '%'))
  +-      strcat (output_base_name, ".%02d");
  ++    /*
  ++     * Note: the magic '6' below is exactly sizeof(".%02d").
  ++     * Don't forget to increase size of output_filename[] appropriately
  ++     * when you increase field width from 2 up to something greater than 4.
  ++     */
  ++    {
  ++            register int i = 0;
  ++            register char *str = optarg;
  ++
  ++            while (i < sizeof(output_base_name) - 6) {
  ++                    register char c;
  ++
  ++                    output_base_name[i++] = (c = *str++);
  ++                    if (c == '%')
  ++                            if (i < sizeof(output_base_name) - 6)
  ++                                    output_base_name[i++] = c;
  ++                            else {
  ++                                    i--;
  ++                                    break;
  ++                            }
  ++            }
  ++            strcpy (output_base_name + i, ".%02d");
  ++    }
  +     part_number = 0;
  +     open_output ();
  +     break;
  +
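Review bot: The copy loop in the `case 'o'` branch never tests for the end of optarg: the condition `while (i < sizeof(output_base_name) - 6)` only checks remaining buffer space, and `output_base_name[i++] = (c = *str++);` keeps reading past the argument's terminating NUL until the 506-byte limit is reached, which is an out-of-bounds read of whatever follows the argument in memory. The NUL that gets copied in still terminates the string, so the result usually looks right, but the read is undefined behaviour and should be stopped explicitly, e.g. `if ((c = *str++) == '\0') break;` followed by `output_base_name[i++] = c;` in place of the combined assignment. While there, `register int i` compared against a `size_t` expression invites a signed/unsigned warning; declaring `i` as `size_t` avoids it. The surrounding option-parsing switch starts and ends outside the hunk.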
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/sharutils/sharutils.spec
  ============================================================================
  $ cvs diff -u -r1.26 -r1.27 sharutils.spec
  --- openpkg-src/sharutils/sharutils.spec      7 Apr 2004 12:40:09 -0000       1.26
  +++ openpkg-src/sharutils/sharutils.spec      13 Apr 2004 07:53:32 -0000      1.27
  @@ -34,7 +34,7 @@
   Group:        Archiver
   License:      GPL
   Version:      4.2.1
  -Release:      20040407
  +Release:      20040413
   
   #   list of sources
   Source0:      ftp://ftp.gnu.org/gnu/sharutils/sharutils-%{version}.tar.gz
  @@ .
______________________________________________________________________
The OpenPKG Project                                    www.openpkg.org
CVS Repository Commit List                     [EMAIL PROTECTED]
