Author: tille Date: 2015-12-20 20:26:55 +0000 (Sun, 20 Dec 2015) New Revision: 20836
Added: trunk/packages/ctn/trunk/debian/patches/mayhem.patch Modified: trunk/packages/ctn/trunk/debian/changelog trunk/packages/ctn/trunk/debian/patches/series Log: Fix mayhem issues by checking missing parameters - if only upstream would use getopt Modified: trunk/packages/ctn/trunk/debian/changelog =================================================================== --- trunk/packages/ctn/trunk/debian/changelog 2015-12-20 16:57:11 UTC (rev 20835) +++ trunk/packages/ctn/trunk/debian/changelog 2015-12-20 20:26:55 UTC (rev 20836) @@ -1,8 +1,10 @@ -ctn (3.2.0~dfsg-3) UNRELEASED; urgency=medium +ctn (3.2.0~dfsg-3) unstable; urgency=medium * cme fix dpkg-control + * Fix mayhem issues by checking missing parameters + Closes: #715642, #715749, #715765, #715766, #715782 - -- Andreas Tille <ti...@debian.org> Sun, 20 Dec 2015 17:55:20 +0100 + -- Andreas Tille <ti...@debian.org> Sun, 20 Dec 2015 21:12:06 +0100 ctn (3.2.0~dfsg-2) unstable; urgency=medium Added: trunk/packages/ctn/trunk/debian/patches/mayhem.patch =================================================================== --- trunk/packages/ctn/trunk/debian/patches/mayhem.patch (rev 0) +++ trunk/packages/ctn/trunk/debian/patches/mayhem.patch 2015-12-20 20:26:55 UTC (rev 20836) 
@@ -0,0 +1,287 @@
+Author: Andreas Tille <ti...@debian.org>
+Last-Update: Sun, 20 Dec 2015 17:55:20 +0100
+Bug-Debian: https://bugs.debian.org/715642,
+ https://bugs.debian.org/715749,
+ https://bugs.debian.org/715765,
+ https://bugs.debian.org/715766,
+ https://bugs.debian.org/715782
+Description: Fix mayhem issues
+ If upstream only would use getopt ...
+
+--- a/apps/image_archive/archive_server.c
++++ b/apps/image_archive/archive_server.c
+@@ -464,7 +464,7 @@ must be setuid root (see chmod)\n";
+ doBLG = TRUE;
+ break;
+ case 'C':
+- if (argc < 1)
++ if (argc < 1 || !argv[argc])
+ usageerror();
+ argc--;
+ argv++;
+@@ -482,14 +482,14 @@ must be setuid root (see chmod)\n";
+ controlDatabase = *argv;
+ break;
+ case 'g':
+- if (argc < 1)
++ if (argc < 1 || !argv[argc])
+ usageerror();
+ argc--;
+ argv++;
+ genericAE = *argv;
+ break;
+ case 'l':
+- if (argc < 1)
++ if (argc < 1 || !argv[argc])
+ usageerror();
+ argc--;
+ argv++;
+@@ -499,7 +499,7 @@ must be setuid root (see chmod)\n";
+ forgiveFlag = TRUE;
+ break;
+ case 'm':
+- if (argc < 1)
++ if (argc < 1 || !argv[argc])
+ usageerror();
+ argc--;
+ argv++;
+@@ -507,14 +507,14 @@ must be setuid root (see chmod)\n";
+ usageerror();
+ break;
+ case 'n':
+- if (argc < 1)
++ if (argc < 1 || !argv[argc])
+ usageerror();
+ argc--;
+ argv++;
+ strcpy(node, *argv);
+ break;
+ case 'o':
+- if (argc < 1)
++ if (argc < 1 || !argv[argc])
+ usageerror();
+ argc--;
+ argv++;
+@@ -542,7 +542,7 @@ must be setuid root (see chmod)\n";
+ verboseDUL = TRUE;
+ break;
+ case 'x':
+- if (--argc < 1)
++ if (--argc < 1 || !argv[argc])
+ usageerror();
+ argv++;
+ if (strcmp(*argv, "TBL") == 0)
+@@ -553,7 +553,7 @@ must be setuid root (see chmod)\n";
+ usageerror();
+ break;
+ case 'z':
+- if (argc < 2)
++ if (argc < 2 || !argv[argc])
+ usageerror();
+ argc--;
+ argv++;
+@@ -568,7 +568,6 @@ must be setuid root (see chmod)\n";
+ break;
+ }
+ }
+-
+ if (argc < 1)
+ usageerror();
+
+--- a/apps/storage_commit/commit_agent.c
++++
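Review bot: In archive_server.c the added `!argv[argc]` test (options -C, -g, -l, -m, -n, -o and -z) runs before `argc--; argv++` and looks at the end of the argument vector rather than at the option's own argument. The option loop's header is outside these hunks, but if it steps argc and argv together then `argv[argc]` is always the terminating NULL, so each of these options would now end in usageerror() even when its argument is present. The original -z guard `argc < 2` and the -x form `--argc < 1` suggest the real off-by-one is in `argc < 1`; changing those guards to `if (argc < 2)`, or testing `if (!*argv)` after `argv++` as the commit_agent.c hunks of this patch do, would check the slot that is actually read.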
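Review bot: `strcpy(node, *argv)` in the -n case still copies a command-line string of any length; the new guard only rejects a missing argument. The usage text visible in the hunk headers says the program must be setuid root, and the declaration of `node` is outside the hunk, so the copy should be bounded, for example `if (strlen(*argv) >= sizeof(node)) usageerror();` before the strcpy, assuming `node` is an array and not a pointer. The same unbounded copy appears in the -n hunks of commit_agent.c (`node`) and of ctndisp.c and ctnnetwork.c (`G_nodename`).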
b/apps/storage_commit/commit_agent.c
+@@ -139,6 +139,10 @@ must be setuid root (see chmod)\n";
+ usageerror();
+ argc--;
+ argv++;
++ if (!*argv) {
++ fprintf(stderr, "Missing argument for option -f\n");
++ usageerror();
++ }
+ controlDatabase = *argv;
+ break;
+ case 'l':
+@@ -146,6 +150,10 @@ must be setuid root (see chmod)\n";
+ usageerror();
+ argc--;
+ argv++;
++ if (!*argv) {
++ fprintf(stderr, "Missing argument for option -l\n");
++ usageerror();
++ }
+ logFile = *argv;
+ break;
+ case 'i':
+@@ -156,6 +164,10 @@ must be setuid root (see chmod)\n";
+ usageerror();
+ argc--;
+ argv++;
++ if (!*argv) {
++ fprintf(stderr, "Missing argument for option -n\n");
++ usageerror();
++ }
+ strcpy(node, *argv);
+ break;
+ case 'q':
+@@ -171,6 +183,10 @@ must be setuid root (see chmod)\n";
+ if (--argc < 1)
+ usageerror();
+ argv++;
++ if (!*argv) {
++ fprintf(stderr, "Missing argument for option -x\n");
++ usageerror();
++ }
+ if (strcmp(*argv, "TBL") == 0)
+ verboseTBL = TRUE;
+ else if (strcmp(*argv, "SRV") == 0)
+@@ -183,13 +199,10 @@ must be setuid root (see chmod)\n";
+ break;
+ }
+ }
+-
+ if (argc < 1)
+ usageerror();
+-
+ if (sscanf(*argv++, "%d", &port) != 1)
+ usageerror();
+-
+ (void) signal(SIGUSR1, SIG_IGN);
+ if (port < 1024) {
+ if (geteuid() != 0) {
+--- a/apps/displays/ctndisp.c
++++ b/apps/displays/ctndisp.c
+@@ -175,6 +175,10 @@ main(int argc, char **argv)
+ if ((strcmp(*argv, "-q")) == 0) {
+ argc--;
+ argv++;
++ if (!*argv) {
++ fprintf(stderr, "Missing required argument for option -q\n");
++ exit(-1);
++ }
+ image_Q_id = atoi(*argv);
+ if (image_Q_id < 0) {
+ COND_PushCondition(CTNDISP_CMDLINE,
+@@ -187,6 +191,10 @@ main(int argc, char **argv)
+ } else if ((strcmp(*argv, "-w")) == 0) {
+ argc--;
+ argv++;
++ if (!*argv) {
++ fprintf(stderr, "Missing required argument for option -w\n");
++ exit(-1);
++ }
+ G_display_width = atoi(*argv);
+ if (G_display_width < MIN_DISPLAY_WIDTH) {
+ COND_PushCondition(CTNDISP_CMDLINE,
+@@ -200,6 +208,10 @@ main(int
argc, char **argv)
+ } else if ((strcmp(*argv, "-h")) == 0) {
+ argc--;
+ argv++;
++ if (!*argv) {
++ fprintf(stderr, "Missing required argument for option -h\n");
++ exit(-1);
++ }
+ G_display_height = atoi(*argv);
+ if (G_display_height < MIN_DISPLAY_HEIGHT) {
+ COND_PushCondition(CTNDISP_CMDLINE,
+@@ -213,6 +225,10 @@ main(int argc, char **argv)
+ } else if ((strcmp(*argv, "-n")) == 0) {
+ argc--;
+ argv++;
++ if (!*argv) {
++ fprintf(stderr, "Missing required argument for option -n\n");
++ exit(-1);
++ }
+ strcpy(G_nodename, *argv);
+ node_arg++;
+ argc--;
+@@ -223,7 +239,6 @@ main(int argc, char **argv)
+ exit(-1);
+ }
+ }
+-
+ /*
+ * -1's indicate to set the width and height to full screen
+ */
+@@ -232,7 +247,6 @@ main(int argc, char **argv)
+
+ if (node_arg == 0)
+ strcpy(G_nodename, "UNKNOWN");
+-
+ /*
+ * Initialize the Generalized Queue for images and status messages
+ */
+--- a/apps/ctnnetwork/ctnnetwork.c
++++ b/apps/ctnnetwork/ctnnetwork.c
+@@ -123,7 +123,6 @@ main(int argc, char **argv)
+
+ THR_Init();
+ QueueElementSize = sizeof(CTNNETWORK_Queue);
+-
+ /*
+ * Get the input paramaters from command line
+ */
+@@ -140,6 +139,10 @@ main(int argc, char **argv)
+ if ((strcmp(*argv, "-q")) == 0) {
+ argc--;
+ argv++;
++ if (!*argv) {
++ fprintf(stderr, "Missing argument for option -q\n");
++ exit(-1);
++ }
+ image_Q_id = atoi(*argv);
+ if (image_Q_id < 0) {
+ COND_PushCondition(CTNNETWORK_CMDLINE,
+@@ -152,6 +155,10 @@ main(int argc, char **argv)
+ } else if ((strcmp(*argv, "-w")) == 0) {
+ argc--;
+ argv++;
++ if (!*argv) {
++ fprintf(stderr, "Missing argument for option -w\n");
++ exit(-1);
++ }
+ G_display_width = atoi(*argv);
+ if (G_display_width < MIN_DISPLAY_WIDTH) {
+ COND_PushCondition(CTNNETWORK_CMDLINE,
+@@ -164,6 +171,10 @@ main(int argc, char **argv)
+ } else if ((strcmp(*argv, "-h")) == 0) {
+ argc--;
+ argv++;
++ if (!*argv) {
++ fprintf(stderr, "Missing argument for option -h\n");
++ exit(-1);
++ }
+ G_display_height = atoi(*argv);
+ if
(G_display_height < MIN_DISPLAY_HEIGHT) {
+ COND_PushCondition(CTNNETWORK_CMDLINE,
+@@ -176,6 +187,10 @@ main(int argc, char **argv)
+ } else if ((strcmp(*argv, "-n")) == 0) {
+ argc--;
+ argv++;
++ if (!*argv) {
++ fprintf(stderr, "Missing argument for option -n\n");
++ exit(-1);
++ }
+ strcpy(G_nodename, *argv);
+ G_Number = atoi(*argv);
+ argc--;
+--- a/apps/dcm_diff/dcm_diff.c
++++ b/apps/dcm_diff/dcm_diff.c
+@@ -390,6 +390,10 @@ main(int argc, char **argv)
+ case 'm':
+ argc--;
+ argv++;
++ if (!*argv) {
++ fprintf(stderr, "Missing argument for option -m\n");
++ usageerror();
++ }
+ vmLimit = atoi(*argv);
+ break;
+ case 'o':
+@@ -413,6 +417,7 @@ main(int argc, char **argv)
+
+ THR_Init();
+ DCM_Debug(verbose);
++
+ if (argc != 2)
+ usageerror();
+
Modified: trunk/packages/ctn/trunk/debian/patches/series
===================================================================
--- trunk/packages/ctn/trunk/debian/patches/series 2015-12-20 16:57:11 UTC (rev 20835)
+++ trunk/packages/ctn/trunk/debian/patches/series 2015-12-20 20:26:55 UTC (rev 20836)
@@ -5,3 +5,4 @@
 30_hardening.patch
 40_spelling.patch
 50_clang_FTBFS_Wreturn-type.patch
+mayhem.patch
_______________________________________________ debian-med-commit mailing list debian-med-commit@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/debian-med-commit