This is an automated email from the git hooks/post-receive script. sebastic pushed a commit to branch master in repository freexl.
commit 13f40ae7660429c38d4f08032b321517e02b5d87 Author: Bas Couwenberg <[email protected]> Date: Fri Sep 15 21:31:16 2017 +0200 New upstream version 1.0.4 --- config-msvc.h | 6 +-- configure | 20 ++++---- configure.ac | 2 +- src/freexl.c | 147 +++++++++++++++++++++++++++++++++++----------------------- 4 files changed, 102 insertions(+), 73 deletions(-) diff --git a/config-msvc.h b/config-msvc.h index 0f641eb..a39d4e7 100644 --- a/config-msvc.h +++ b/config-msvc.h @@ -86,7 +86,7 @@ #define PACKAGE_NAME "FreeXL" /* Define to the full name and version of this package. */ -#define PACKAGE_STRING "FreeXL 1.0.1" +#define PACKAGE_STRING "FreeXL 1.0.4" /* Define to the one symbol short name of this package. */ #define PACKAGE_TARNAME "freexl" @@ -95,7 +95,7 @@ #define PACKAGE_URL "" /* Define to the version of this package. */ -#define PACKAGE_VERSION "1.0.0e" +#define PACKAGE_VERSION "1.0.4" /* Define to 1 if you have the ANSI C header files. */ #define STDC_HEADERS 1 @@ -107,7 +107,7 @@ /* #undef TM_IN_SYS_TIME */ /* Version number of package */ -#define VERSION "1.0.1" +#define VERSION "1.0.4" /* Define to empty if `const' does not conform to ANSI C. */ /* #undef const */ diff --git a/configure b/configure index 8d30fc0..3f4c0a9 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for FreeXL 1.0.3. +# Generated by GNU Autoconf 2.69 for FreeXL 1.0.4. # # Report bugs to <[email protected]>. # @@ -590,8 +590,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='FreeXL' PACKAGE_TARNAME='freexl' -PACKAGE_VERSION='1.0.3' -PACKAGE_STRING='FreeXL 1.0.3' +PACKAGE_VERSION='1.0.4' +PACKAGE_STRING='FreeXL 1.0.4' PACKAGE_BUGREPORT='[email protected]' PACKAGE_URL='' 
@@ -1326,7 +1326,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures FreeXL 1.0.3 to adapt to many kinds of systems. +\`configure' configures FreeXL 1.0.4 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1396,7 +1396,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of FreeXL 1.0.3:";; + short | recursive ) echo "Configuration of FreeXL 1.0.4:";; esac cat <<\_ACEOF @@ -1508,7 +1508,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -FreeXL configure 1.0.3 +FreeXL configure 1.0.4 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2052,7 +2052,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by FreeXL $as_me 1.0.3, which was +It was created by FreeXL $as_me 1.0.4, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2923,7 +2923,7 @@ fi # Define the identity of the package. PACKAGE='freexl' - VERSION='1.0.3' + VERSION='1.0.4' cat >>confdefs.h <<_ACEOF @@ -17813,7 +17813,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by FreeXL $as_me 1.0.3, which was +This file was extended by FreeXL $as_me 1.0.4, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES 
@@ -17879,7 +17879,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -FreeXL config.status 1.0.3 +FreeXL config.status 1.0.4 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff --git a/configure.ac b/configure.ac index 36d5727..a44dbf4 100644 --- a/configure.ac +++ b/configure.ac @@ -2,7 +2,7 @@ # Process this file with autoconf to produce a configure script. AC_PREREQ(2.61) -AC_INIT(FreeXL, 1.0.3, [email protected]) +AC_INIT(FreeXL, 1.0.4, [email protected]) AC_LANG(C) AC_CONFIG_AUX_DIR([.]) AC_CONFIG_MACRO_DIR([m4]) diff --git a/src/freexl.c b/src/freexl.c index 2f6cae2..a0b255a 100644 --- a/src/freexl.c +++ b/src/freexl.c @@ -952,6 +952,21 @@ set_sst_value (biff_workbook * workbook, unsigned int row, unsigned short col, return FREEXL_OK; } +static size_t +xls_fread (size_t bufsz, void *buf, size_t size, size_t nmemb, FILE * fl) +{ +/* +/ Sandro 2017-09-07 +/ secure version of "fread" checking against buffer overflows +/--------------------------- +/ expected to fix the issue reported by +/ Cisco [TALOS-2017-431] +*/ + if ((size * nmemb) > bufsz) + return 0; + return fread (buf, size, nmemb, fl); +} + static fat_chain * alloc_fat_chain (int swap, unsigned short sector_shift, unsigned int directory_start) @@ -1395,7 +1410,8 @@ read_fat_sector (FILE * xls, fat_chain * chain, unsigned int sector) max_fat = 128; /* reading a FAT sector */ - if (fread (buf, 1, chain->sector_size, xls) != chain->sector_size) + if (xls_fread (sizeof (buf), buf, 1, chain->sector_size, xls) != + chain->sector_size) return FREEXL_CFBF_READ_ERROR; for (i_fat = 0; i_fat < max_fat; i_fat++) 
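Review bot: The guard in the new `xls_fread` computes `size * nmemb` in `size_t`, so a large enough pair wraps around and passes the `> bufsz` test. Every call site visible in this patch passes `size` as 1, so the problem is latent, but a helper described as a secure `fread` should not depend on that. A division-based test avoids the wrap: `if (size != 0 && nmemb > bufsz / size) return 0;`. The header comment would also do well to state that `bufsz` must be the capacity of the object `buf` points to, and that a rejected request returns 0 exactly as a failed read does.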
@@ -1437,7 +1453,8 @@ read_difat_sectors (FILE * xls, fat_chain * chain, unsigned int sector, if (fseek (xls, where, SEEK_SET) != 0) return FREEXL_CFBF_SEEK_ERROR; /* reading a DIFAT sector */ - if (fread (&difat, 1, chain->sector_size, xls) != chain->sector_size) + if (xls_fread (sizeof (difat), &difat, 1, chain->sector_size, xls) != + chain->sector_size) return FREEXL_CFBF_READ_ERROR; blocks++; if (chain->swap) @@ -1498,7 +1515,8 @@ read_miniFAT_sectors (FILE * xls, fat_chain * chain, unsigned int sector, unsigned char *p_buf = buf; block++; /* reading a miniFAT sector */ - if (fread (&buf, 1, chain->sector_size, xls) != chain->sector_size) + if (xls_fread (sizeof (buf), &buf, 1, chain->sector_size, xls) != + chain->sector_size) return FREEXL_CFBF_READ_ERROR; for (i_fat = 0; i_fat < max_fat; i_fat++) { @@ -1526,7 +1544,7 @@ read_cfbf_header (biff_workbook * workbook, int swap, int *err_code) int ret; unsigned char *p_fat = header.fat_sector_map; - if (fread (&header, 1, 512, workbook->xls) != 512) + if (xls_fread (sizeof (header), &header, 1, 512, workbook->xls) != 512) { *err_code = FREEXL_CFBF_READ_ERROR; return NULL; @@ -1672,8 +1690,9 @@ read_mini_stream (biff_workbook * workbook, int *errcode) *errcode = FREEXL_CFBF_SEEK_ERROR; return 0; } - if (fread (buf, 1, workbook->fat->sector_size, workbook->xls) != - workbook->fat->sector_size) + if (xls_fread + (sizeof (buf), buf, 1, workbook->fat->sector_size, + workbook->xls) != workbook->fat->sector_size) { *errcode = FREEXL_CFBF_READ_ERROR; return 0; @@ -2022,7 +2041,7 @@ legacy_emergency_dimension (biff_workbook * workbook, int swap, /* looping on BIFF records */ if (!first) { - if (fread (&buf, 1, 4, workbook->xls) != 4) + if (xls_fread (sizeof (buf), &buf, 1, 4, workbook->xls) != 4) return 0; memcpy (record_type.bytes, buf, 2); memcpy (record_size.bytes, buf + 2, 2); 
@@ -2048,9 +2067,9 @@ legacy_emergency_dimension (biff_workbook * workbook, int swap, /* INTEGER marker found */ biff_word16 word16; - if (fread - (workbook->record, 1, record_size.value, - workbook->xls) != record_size.value) + if (xls_fread + (sizeof (workbook->record), workbook->record, 1, + record_size.value, workbook->xls) != record_size.value) return 0; memcpy (word16.bytes, workbook->record, 2); @@ -2075,9 +2094,9 @@ legacy_emergency_dimension (biff_workbook * workbook, int swap, /* NUMBER marker found */ biff_word16 word16; - if (fread - (workbook->record, 1, record_size.value, - workbook->xls) != record_size.value) + if (xls_fread + (sizeof (workbook->record), workbook->record, 1, + record_size.value, workbook->xls) != record_size.value) return 0; memcpy (word16.bytes, workbook->record, 2); @@ -2102,9 +2121,9 @@ legacy_emergency_dimension (biff_workbook * workbook, int swap, /* BOOLERR marker found */ biff_word16 word16; - if (fread - (workbook->record, 1, record_size.value, - workbook->xls) != record_size.value) + if (xls_fread + (sizeof (workbook->record), workbook->record, 1, + record_size.value, workbook->xls) != record_size.value) return 0; memcpy (word16.bytes, workbook->record, 2); @@ -2127,9 +2146,9 @@ legacy_emergency_dimension (biff_workbook * workbook, int swap, /* RK marker found */ biff_word16 word16; - if (fread - (workbook->record, 1, record_size.value, - workbook->xls) != record_size.value) + if (xls_fread + (sizeof (workbook->record), workbook->record, 1, + record_size.value, workbook->xls) != record_size.value) return 0; memcpy (word16.bytes, workbook->record, 2); 
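Review bot: The `xls_fread` call in the INTEGER branch caps `record_size.value` from above only, and the very next statement copies two bytes with `memcpy (word16.bytes, workbook->record, 2)`. A record declaring a size of 0 or 1 still satisfies `!= record_size.value`, so the parser then consumes bytes left in `workbook->record` by an earlier record. No minimum-length check is visible in this hunk, though one may exist elsewhere in the function, whose body extends outside it. The same pattern recurs in the NUMBER, BOOLERR, RK and LABEL branches of `legacy_emergency_dimension` and in the `read_legacy_biff` hunks. Each branch should reject a record shorter than the fields it decodes, e.g. `if (record_size.value < 2) return 0;` ahead of the copy here.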
@@ -2154,9 +2173,9 @@ legacy_emergency_dimension (biff_workbook * workbook, int swap, /* LABEL marker found */ biff_word16 word16; - if (fread - (workbook->record, 1, record_size.value, - workbook->xls) != record_size.value) + if (xls_fread + (sizeof (workbook->record), workbook->record, 1, + record_size.value, workbook->xls) != record_size.value) return 0; memcpy (word16.bytes, workbook->record, 2); @@ -2233,7 +2252,7 @@ read_legacy_biff (biff_workbook * workbook, int swap) /* attempting to get the main BOF */ rewind (workbook->xls); - if (fread (&buf, 1, 4, workbook->xls) != 4) + if (xls_fread (sizeof (buf), &buf, 1, 4, workbook->xls) != 4) return 0; memcpy (record_type.bytes, buf, 2); memcpy (record_size.bytes, buf + 2, 2); @@ -2269,7 +2288,7 @@ read_legacy_biff (biff_workbook * workbook, int swap) { /* looping on BIFF records */ - if (fread (&buf, 1, 4, workbook->xls) != 4) + if (xls_fread (sizeof (buf), &buf, 1, 4, workbook->xls) != 4) return 0; memcpy (record_type.bytes, buf, 2); memcpy (record_size.bytes, buf + 2, 2); @@ -2282,7 +2301,7 @@ read_legacy_biff (biff_workbook * workbook, int swap) if (record_type.value == BIFF_SHEETSOFFSET) { -/* unsupported BIFF4W format */ + /* unsupported BIFF4W format */ return 0; } @@ -2295,9 +2314,9 @@ read_legacy_biff (biff_workbook * workbook, int swap) if (record_type.value == BIFF_CODEPAGE) { /* CODEPAGE marker found */ - if (fread - (workbook->record, 1, record_size.value, - workbook->xls) != record_size.value) + if (xls_fread + (sizeof (workbook->record), workbook->record, 1, + record_size.value, workbook->xls) != record_size.value) return 0; memcpy (word16.bytes, workbook->record, 2); if (swap) 
@@ -2313,9 +2332,9 @@ read_legacy_biff (biff_workbook * workbook, int swap) if (record_type.value == BIFF_DATEMODE) { /* DATEMODE marker found */ - if (fread - (workbook->record, 1, record_size.value, - workbook->xls) != record_size.value) + if (xls_fread + (sizeof (workbook->record), workbook->record, 1, + record_size.value, workbook->xls) != record_size.value) return 0; memcpy (word16.bytes, workbook->record, 2); if (swap) @@ -2347,9 +2366,9 @@ read_legacy_biff (biff_workbook * workbook, int swap) int is_date = 0; int is_datetime = 0; int is_time = 0; - if (fread - (workbook->record, 1, record_size.value, - workbook->xls) != record_size.value) + if (xls_fread + (sizeof (workbook->record), workbook->record, 1, + record_size.value, workbook->xls) != record_size.value) return 0; if (workbook->biff_version == FREEXL_BIFF_VER_2 @@ -2415,9 +2434,9 @@ read_legacy_biff (biff_workbook * workbook, int swap) /* XF [Extended Format] marker found */ unsigned char format; unsigned short s_format = 0; - if (fread - (workbook->record, 1, record_size.value, - workbook->xls) != record_size.value) + if (xls_fread + (sizeof (workbook->record), workbook->record, 1, + record_size.value, workbook->xls) != record_size.value) return 0; switch (workbook->biff_version) { @@ -2447,9 +2466,9 @@ read_legacy_biff (biff_workbook * workbook, int swap) unsigned int rows; unsigned short columns; char *utf8_name; - if (fread - (workbook->record, 1, record_size.value, - workbook->xls) != record_size.value) + if (xls_fread + (sizeof (workbook->record), workbook->record, 1, + record_size.value, workbook->xls) != record_size.value) return 0; memcpy (word16.bytes, workbook->record + 2, 2); 
@@ -2497,9 +2516,9 @@ read_legacy_biff (biff_workbook * workbook, int swap) (workbook, swap, record_type.value, record_size.value)) return 0; - if (fread - (workbook->record, 1, record_size.value, - workbook->xls) != record_size.value) + if (xls_fread + (sizeof (workbook->record), workbook->record, 1, + record_size.value, workbook->xls) != record_size.value) return 0; memcpy (word16.bytes, workbook->record, 2); @@ -2565,9 +2584,9 @@ read_legacy_biff (biff_workbook * workbook, int swap) (workbook, swap, record_type.value, record_size.value)) return 0; - if (fread - (workbook->record, 1, record_size.value, - workbook->xls) != record_size.value) + if (xls_fread + (sizeof (workbook->record), workbook->record, 1, + record_size.value, workbook->xls) != record_size.value) return 0; memcpy (word16.bytes, workbook->record, 2); @@ -2644,9 +2663,9 @@ read_legacy_biff (biff_workbook * workbook, int swap) (workbook, swap, record_type.value, record_size.value)) return 0; - if (fread - (workbook->record, 1, record_size.value, - workbook->xls) != record_size.value) + if (xls_fread + (sizeof (workbook->record), workbook->record, 1, + record_size.value, workbook->xls) != record_size.value) return 0; memcpy (word16.bytes, workbook->record, 2); @@ -2697,9 +2716,9 @@ read_legacy_biff (biff_workbook * workbook, int swap) (workbook, swap, record_type.value, record_size.value)) return 0; - if (fread - (workbook->record, 1, record_size.value, - workbook->xls) != record_size.value) + if (xls_fread + (sizeof (workbook->record), workbook->record, 1, + record_size.value, workbook->xls) != record_size.value) return 0; memcpy (word16.bytes, workbook->record, 2); 
@@ -2798,9 +2817,9 @@ read_legacy_biff (biff_workbook * workbook, int swap) (workbook, swap, record_type.value, record_size.value)) return 0; - if (fread - (workbook->record, 1, record_size.value, - workbook->xls) != record_size.value) + if (xls_fread + (sizeof (workbook->record), workbook->record, 1, + record_size.value, workbook->xls) != record_size.value) return 0; memcpy (word16.bytes, workbook->record, 2); @@ -3665,8 +3684,9 @@ read_cfbf_sector (biff_workbook * workbook, unsigned char *buf) long where = (workbook->current_sector + 1) * workbook->fat->sector_size; if (fseek (workbook->xls, where, SEEK_SET) != 0) return FREEXL_CFBF_SEEK_ERROR; - if (fread (buf, 1, workbook->fat->sector_size, workbook->xls) != - workbook->fat->sector_size) + if (xls_fread + (sizeof (biff_workbook), buf, 1, workbook->fat->sector_size, + workbook->xls) != workbook->fat->sector_size) return FREEXL_CFBF_READ_ERROR; return FREEXL_OK; } @@ -3788,6 +3808,14 @@ read_biff_next_record (biff_workbook * workbook, int swap, int *errcode) if (record_type.value == 0x0000 && record_size.value == 0) return -1; +/* +/ Sandro 2017-09-07 +/ fixing a security issue reported by +/ Cisco [TALOS-2017-430] +*/ + if (record_size.value > sizeof (workbook->record)) + return -1; + /* saving the current record */ workbook->record_type = record_type.value; workbook->record_size = record_size.value; 
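Review bot: In `read_cfbf_sector` the bound passed to `xls_fread` is `sizeof (biff_workbook)`, the size of the whole workbook struct, although the destination is the caller-supplied `unsigned char *buf`. That value says nothing about how many bytes `buf` can hold, so the check can accept a `sector_size` larger than the real buffer. The callers and their buffers are outside this hunk, so the true capacity has to be confirmed there. The clean fix is to pass the capacity into this static function as an extra `size_t` argument and forward it as `bufsz`.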
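Review bot: The new size check in `read_biff_next_record` returns -1, the same value the line just above returns for the zero type/zero size marker, and it leaves `*errcode` untouched. If callers treat -1 as a normal end of stream (the rest of the function is outside the hunk, so this is inferred), an oversized record in a malformed file ends parsing silently instead of being reported as an error. Setting `*errcode` to a read-error code and returning through the function's error path would keep the two cases apart. A short comment stating that `record_size.value` comes straight from the file and must fit `workbook->record` would also document why the check sits before the record is saved.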
@@ -3967,8 +3995,9 @@ get_workbook_stream (biff_workbook * workbook) if (fseek (workbook->xls, where, SEEK_SET) != 0) return FREEXL_CFBF_SEEK_ERROR; /* reading a FAT Directory block [sector] */ - if (fread (dir_block, 1, workbook->fat->sector_size, workbook->xls) != - workbook->fat->sector_size) + if (xls_fread + (sizeof (dir_block), dir_block, 1, workbook->fat->sector_size, + workbook->xls) != workbook->fat->sector_size) return FREEXL_CFBF_READ_ERROR; workbook_start = 0xFFFFFFFF; for (i_entry = 0; i_entry < max_entries; i_entry++) -- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-grass/freexl.git _______________________________________________ Pkg-grass-devel mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-grass-devel

