This is an automated email from the git hooks/post-receive script. sebastic pushed a commit to branch wheezy in repository freexl.
commit f845ebd9ccb681ebab93ac6953247194c0d4b959 Author: Bas Couwenberg <sebas...@xs4all.nl> Date: Thu Mar 26 11:38:10 2015 +0100 Add patch to fix vulnerabilities identified by American Fuzzy Lop. --- debian/changelog | 2 + debian/patches/afl-vulnerabilitities.patch | 63 ++++++++++++++++++++++++++++++ debian/patches/series | 1 + 3 files changed, 66 insertions(+) diff --git a/debian/changelog b/debian/changelog index 2d7a7c3..a337fd3 100644 --- a/debian/changelog +++ b/debian/changelog @@ -2,6 +2,8 @@ freexl (1.0.0b-2) UNRELEASED; urgency=medium * Add myself to Uploaders. * Update Vcs-* URLs for move to pkg-grass & wheezy branch for Vcs-Git. + * Add patch to fix vulnerabilities identified by American Fuzzy Lop. + (closes: #781228) -- Bas Couwenberg <sebas...@debian.org> Thu, 26 Mar 2015 11:11:41 +0100 diff --git a/debian/patches/afl-vulnerabilitities.patch b/debian/patches/afl-vulnerabilitities.patch new file mode 100644 index 0000000..a03b721 --- /dev/null +++ b/debian/patches/afl-vulnerabilitities.patch @@ -0,0 +1,63 @@ +Description: Fix critical bugs identified by American Fuzzy Lop. +Origin: https://www.gaia-gis.it/fossil/freexl/fdiff?v1=2e167b337481dda3&v2=61618ce51a9b0c15&sbs=1 +Author: Alessandro Furieri <a.furi...@lqt.it> +Bug-Debian: https://bugs.debian.org/781228 + +--- a/src/freexl.c ++++ b/src/freexl.c +@@ -1062,6 +1062,11 @@ allocate_cells (biff_workbook * workbook + unsigned int col; + biff_cell_value *p_cell; + ++ if (workbook == NULL) ++ return FREEXL_NULL_ARGUMENT; ++ if (workbook->active_sheet == NULL) ++ return FREEXL_NULL_ARGUMENT; ++ + /* allocating the cell values array */ + workbook->active_sheet->cell_values = + malloc (sizeof (biff_cell_value) * +@@ -1707,6 +1712,11 @@ parse_SST (biff_workbook * workbook, int + swap32 (&n_strings); + p_string = workbook->record + 8; + workbook->shared_strings.string_count = n_strings.value; ++ if (workbook->shared_strings.string_count > 1024 * 1024) ++ { ++ /* unexpected huge count ... cowardly giving up ... */ ++ return FREEXL_INSUFFICIENT_MEMORY; ++ } + workbook->shared_strings.utf8_strings = + malloc (sizeof (char **) * workbook->shared_strings.string_count); + for (i_string = 0; i_string < workbook->shared_strings.string_count; +@@ -3634,6 +3644,8 @@ read_biff_next_record (biff_workbook * w + unsigned int already_done; + unsigned int chunk = + workbook->sector_end - (workbook->p_in - workbook->sector_buf); ++ if (workbook->sector_end <= (workbook->p_in - workbook->sector_buf)) ++ return -1; + memcpy (workbook->record, workbook->p_in, chunk); + workbook->p_in += chunk; + already_done = chunk; +@@ -3710,6 +3722,10 @@ read_mini_biff_next_record (biff_workboo + workbook->record_type = record_type.value; + workbook->record_size = record_size.value; + ++ if ((workbook->p_in - workbook->fat->miniStream) + workbook->record_size > ++ (int) workbook->size) ++ return 0; /* unexpected EOF */ ++ + memcpy (workbook->record, workbook->p_in, workbook->record_size); + workbook->p_in += record_size.value; + +@@ -3947,7 +3963,10 @@ common_open (const char *path, const voi + p_sheet->columns += 1; + ret = allocate_cells (workbook); + if (ret != FREEXL_OK) +- return ret; ++ { ++ errcode = ret; ++ goto stop; ++ } + p_sheet->valid_dimension = 1; + workbook->second_pass = 1; + } diff --git a/debian/patches/series b/debian/patches/series new file mode 100644 index 0000000..079be2f --- /dev/null +++ b/debian/patches/series @@ -0,0 +1 @@ +afl-vulnerabilitities.patch -- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-grass/freexl.git _______________________________________________ Pkg-grass-devel mailing list Pkg-grass-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-grass-devel