Patch we used for the DSA (Debian Security Advisory); it replaces the unbounded sprintf() calls that build paths from $HOME with snprintf().

diff -u unicon-3.0.4/unicon/ImmModules/cce/CCE_pinyin.c 
unicon-3.0.4/unicon/ImmModules/cce/CCE_pinyin.c
--- unicon-3.0.4/unicon/ImmModules/cce/CCE_pinyin.c
+++ unicon-3.0.4/unicon/ImmModules/cce/CCE_pinyin.c
@@ -159,9 +159,9 @@
 IMM_Flush ()
 {
   char name[256];
-  sprintf(name,"%s/.pyinput/usrphrase.tab",getenv("HOME"));
+  snprintf(name,sizeof(name)-1,"%s/.pyinput/usrphrase.tab",getenv("HOME"));
   SaveUsrPhrase(name);
-  sprintf(name,"%s/.pyinput/sysfrequency.tab",getenv("HOME"));
+  snprintf(name,sizeof(name)-1,"%s/.pyinput/sysfrequency.tab",getenv("HOME"));
   SavePhraseFrequency(name);
 
   return 1;
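Review bot: getenv("HOME") can return NULL and the new snprintf() lines still pass that straight to `%s`, which is undefined behaviour (glibc happens to print "(null)", so the files would be written under a literal "(null)/.pyinput" directory); the bounded copy fixes the overflow but not the missing-HOME case the changelog names. Fetch it once and bail out before building either path, e.g. `const char *home = getenv("HOME"); if (home == NULL) return 0;` (pick whatever value callers treat as failure — the function's return type is outside the hunk). The `sizeof(name)-1` is also unnecessary: snprintf() already reserves the last byte for the terminator, so `sizeof name` is the idiomatic bound and the `-1` only loses a character of path. Neither call checks the return value, so an over-long HOME silently produces a truncated path that SaveUsrPhrase()/SavePhraseFrequency() then write to.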
diff -u unicon-3.0.4/unicon/ImmModules/cce/xl_pinyin.c 
unicon-3.0.4/unicon/ImmModules/cce/xl_pinyin.c
--- unicon-3.0.4/unicon/ImmModules/cce/xl_pinyin.c
+++ unicon-3.0.4/unicon/ImmModules/cce/xl_pinyin.c
@@ -138,21 +138,21 @@
   //Rat: modified for processing user-defined dictionaries
   if ((usrhome = getenv ("HOME")) != NULL)
        {
-      sprintf (buf, "%s/%s", usrhome, ".pyinput");
+      snprintf (buf,sizeof(buf)-1, "%s/%s", usrhome, ".pyinput");
       retval = stat (buf, &statbuf);
 
       if ((retval == 0))
        {
          if ((statbuf.st_mode & S_IFMT) == S_IFDIR)
            {
-             sprintf (buf, "%s/%s/%s", usrhome, ".pyinput", "usrphrase.tab");
+             snprintf (buf, sizeof(buf)-1, "%s/%s/%s", usrhome, ".pyinput", 
"usrphrase.tab");
 
              if ( (retval = stat(buf, &statbuf)) == 0)
                {
                  if ( statbuf.st_size < MIN_USRPHR_SIZE || LoadUsrPhrase (buf) 
== -1)
                    {
                      printf ("Couldn't load %s. Please fix it. size or load 
error\n", buf);
-                                 sprintf (buf, "%s/%s", szPath, 
"usrphrase.tab");
+                                 snprintf (buf, sizeof(buf)-1, "%s/%s", 
szPath, "usrphrase.tab");
                                  if ((retval = access (buf, R_OK)) == 0)
                                {
                                  if (LoadUsrPhrase (buf) == -1)
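Review bot: `sizeof(buf)` is only the buffer size if `buf` is declared as an array in this function; its declaration is outside the hunk (the function starts before L24 and continues past L52), so if it is a `char *` parameter or local this bound becomes the pointer size and every path is truncated to a few bytes — worth confirming against the declaration. Even for an array, none of the new snprintf() calls check for truncation, and a truncated `$HOME/.pyinput` path is then handed to stat() and LoadUsrPhrase(), silently operating on a different file than intended. A one-line check after each call would close that, e.g. `if (snprintf (buf, sizeof buf, "%s/%s", usrhome, ".pyinput") >= (int) sizeof buf) goto no_home;` (or whatever the "no $HOME" branch does). As in the other hunks, the `-1` in the size argument is redundant with snprintf()'s own terminator reservation.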
@@ -164,7 +164,7 @@
                          else
                        {
                          creat (buf, 0600);
-                         sprintf (buf, "%s/%s", szPath, "usrphrase.tab");
+                         snprintf (buf, sizeof(buf)-1, "%s/%s", szPath, 
"usrphrase.tab");
                  if ((retval = access (buf, R_OK)) == 0)
                    {
                      if (LoadUsrPhrase (buf) == -1)
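Review bot: `creat (buf, 0600)` on the line above the changed snprintf() discards its return value, so the descriptor it opens is never closed and a failure (unwritable directory, ENOSPC) goes unnoticed while `buf` is immediately overwritten with the fallback path; the patch keeps this as-is. Capture and close it, `int fd = creat (buf, 0600); if (fd >= 0) close (fd);`, and consider reporting the failure the way the "Couldn't load" branch does. The enclosing function starts before and ends after this hunk, so which path `buf` holds at that point is not visible here.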
@@ -181,10 +181,10 @@
       else
        {
          mkdir (buf, 0700);    //Rat: making $HOME/.pyinput
-         sprintf (buf, "%s/%s/%s", usrhome, ".pyinput", "usrphrase.tab");
+         snprintf (buf, sizeof(buf)-1, "%s/%s/%s", usrhome, ".pyinput", 
"usrphrase.tab");
          creat (buf, 0600);    //Rat: making $HOME/.pyinput/usrphrase.tab
 
-         sprintf (buf, "%s/%s", szPath, "usrphrase.tab");
+         snprintf (buf, sizeof(buf)-1, "%s/%s", szPath, "usrphrase.tab");
          if ((retval = access (buf, R_OK)) == 0)
            {
              if (LoadUsrPhrase (buf) == -1)
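Review bot: `mkdir (buf, 0700)` and `creat (buf, 0600)` are both unchecked, so if $HOME/.pyinput cannot be created (an existing regular file of that name, a read-only home) the code silently proceeds and the later save into that directory fails with no diagnostic; the snprintf() conversion does not change this. Checking the first is enough to make the failure visible: `if (mkdir (buf, 0700) != 0) printf ("Couldn't create %s\n", buf);` (errno/perror would be better if <errno.h> is already included, which the hunk does not show). The creat() descriptor is also leaked here as in the earlier hunk. Note too that an over-long HOME makes the new bounded snprintf() return a truncated path, so mkdir()/creat() would then create entries at a different location than intended; checking the return value against `sizeof buf` avoids that.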
@@ -197,7 +197,7 @@
   else
     {
       printf ("Sorry, I couldn't find your $HOME.\n");
-      sprintf (buf, "%s/%s", szPath, "usrphrase.tab");
+      snprintf (buf, sizeof(buf)-1, "%s/%s", szPath, "usrphrase.tab");
       printf ("Turn to access %s", buf);
 
       if ((retval = access (buf, R_OK)) != 0)
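Review bot: the diagnostic on the line after the changed snprintf() has no trailing newline, `printf ("Turn to access %s", buf);`, so whatever is printed next in the access()-failure branch (which continues outside the hunk) runs onto the same line; `printf ("Turn to access %s\n", buf);` keeps the log readable. This is the only branch that handles a missing $HOME, so it is worth making sure it actually terminates the user-directory logic rather than falling through to later code that still formats `usrhome`.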
@@ -210,7 +210,7 @@
 
     }
 
-  sprintf(buf,"%s/%s/%s",usrhome,".pyinput","sysfrequency.tab");
+  snprintf(buf,sizeof(buf)-1,"%s/%s/%s",usrhome,".pyinput","sysfrequency.tab");
   if(LoadPhraseFrequency(buf) == -1)
   {
          creat(buf,0700);
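Review bot: `usrhome` can still be NULL at the new snprintf() line — the "couldn't find your $HOME" branch shown earlier on this page prints a message but, as far as the hunks show, control then reaches this statement unconditionally — and `%s` with a NULL argument is undefined behaviour; this is the same unsafe-environment case the changelog cites, so the bound alone does not fix it. Guard it the way the save path at the end of the function already does, `if (usrhome != NULL) { ... }`, or skip the frequency file when there is no home directory. Separately, `creat(buf,0700)` gives a data file the execute bit and leaks the descriptor; the user-phrase file two hunks up is created with 0600, so `int fd = creat(buf, 0600); if (fd >= 0) close(fd);` would be consistent. The function continues past the hunk, so the exact fallback is not visible here.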
@@ -229,7 +229,7 @@
   AdjustPhraseFreq ();         // lower the freq to [0,50)
   if (usrhome != NULL)
     {
-      sprintf (szFileName, "%s/%s/%s", usrhome, ".pyinput", "usrphrase.tab");
+      snprintf (szFileName, sizeof(szFileName)-1, "%s/%s/%s", usrhome, 
".pyinput", "usrphrase.tab");
       SaveUsrPhrase (szFileName);
     }
   else
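Review bot: the new snprintf() result is not checked before `SaveUsrPhrase (szFileName)` writes to it, so a HOME longer than the buffer yields a truncated path and the user's phrase table is saved somewhere other than `$HOME/.pyinput/usrphrase.tab`; a check such as `if (snprintf (szFileName, sizeof szFileName, "%s/%s/%s", usrhome, ".pyinput", "usrphrase.tab") < (int) sizeof szFileName) SaveUsrPhrase (szFileName);` would skip the write instead. `szFileName` is declared outside the hunk; `sizeof` is only its capacity if it is an array here, not a pointer. The `-1` on the size argument is again redundant, since snprintf() always leaves room for the terminator.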
diff -u unicon-3.0.4/debian/changelog unicon-3.0.4/debian/changelog
--- unicon-3.0.4/debian/changelog
+++ unicon-3.0.4/debian/changelog
@@ -1,3 +1,11 @@
+unicon (3.0.4-11etch1) stable-security; urgency=high
+
+  * Non-maintainer upload by The Security Team.
+  * Fix the unsafe use of environmental variables.
+    [CVE-2007-2835]
+
+ -- Steve Kemp <[EMAIL PROTECTED]>  Sun,  24 Jul 2007 15:02:42 +0000
+
 unicon (3.0.4-11) unstable; urgency=low
 
   * Changed TLS_PthSocket ::read ::write to Read, Write.


Steve
-- 
http://www.steve.org.uk/

