Ping!  This is pretty urgent, as the code that's currently in CVS won't
work and has a buffer overflow.
        Igor

On Sun, 10 Aug 2003, Igor Pechtchanski wrote:

> On Sat, 9 Aug 2003, Christopher Faylor wrote:
>
> > On Sat, Aug 09, 2003 at 03:52:55PM -0400, Igor Pechtchanski wrote:
> > >On Sat, 9 Aug 2003, Christopher Faylor wrote:
> > >>On checking this patch a little further, I see that it gives a
> > >>misleading "OK" when the package file is missing.  Could you detect
> > >>that case?
> > >
> > >Yes.  The attached patch (against the initial one applied) does just
> > >that.
> >
> > I've checked this in, too, with some changes.  The version of this file
> > in CVS had my fix to convert slashes to backslashes so your patch didn't
> > cleanly apply.  I also allocated a static buffer and only calculated the
> > DOS pathname for gzip.exe once.  Finally, I changed all of the
> > formatting to GNU-style.
>
> Ugh, yes, I forgot to do a CVS update...  Sorry about that.  As for the
> GNU-style formatting, that space between the function name and the paren
> always trips me up...
>
> Anyway, there were some bugs in the code that was checked in -- the
> attached patch fixes them.
>
> > Thanks for this increased functionality.  I used this to update my own
> > installation.  It looks like I had somehow damaged my installation a
> > while ago.  Some files were missing, some package lists were missing.
> > Who knew?
> >
> > cgf
>
> Glad it was useful.
>       Igor
> ==============================================================================
> ChangeLog:
> 2003-08-10  Igor Pechtchanski  <[EMAIL PROTECTED]>
>
>       * dump_setup.cc (check_package_files): Fix extra '/' in filename.
>       Resize command buffer.  Fix buffer overflow bug.

-- 
                                http://cs.nyu.edu/~pechtcha/
      |\      _,,,---,,_                [EMAIL PROTECTED]
ZZZzz /,`.-'`'    -.  ;-;;,_            [EMAIL PROTECTED]
     |,4-  ) )-,_. ,\ (  `'-'           Igor Pechtchanski, Ph.D.
    '---''(_/--'  `-'\_) fL     a.k.a JaguaR-R-R-r-r-r-.-.-.  Meow!

"I have since come to realize that being between your mentor and his route
to the bathroom is a major career booster."  -- Patrick Naughton
Index: winsup/utils/dump_setup.cc
===================================================================
RCS file: /cvs/src/src/winsup/utils/dump_setup.cc,v
retrieving revision 1.8
diff -u -p -r1.8 dump_setup.cc
--- winsup/utils/dump_setup.cc  10 Aug 2003 01:07:04 -0000      1.8
+++ winsup/utils/dump_setup.cc  10 Aug 2003 19:24:38 -0000
@@ -237,7 +237,7 @@ file_exists (int verbose, char *filename
 static bool
 check_package_files (int verbose, char *package)
 {
-  char filelist[MAX_PATH + 1] = "/etc/setup/";
+  char filelist[MAX_PATH + 1] = "etc/setup/";
   strcat (strcat (filelist, package), ".lst.gz");
   if (!file_exists (false, filelist, NULL, NULL))
     {
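Review bot: the two chained strcat calls on filelist are still unbounded. The buffer holds MAX_PATH + 1 bytes, but nothing in this hunk checks that "etc/setup/" plus package plus ".lst.gz" fits, so a long package name overruns the stack buffer. Check strlen (package) against the remaining space before concatenating, or build the name with snprintf (filelist, sizeof (filelist), ...) and treat truncation as an error. A short comment would also help explain that the leading '/' is dropped here because it is re-added in the " -dc /" command string further down.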
@@ -253,8 +253,8 @@ check_package_files (int verbose, char *
       zcat = cygpath ("/bin/gzip.exe", NULL);
       while (char *p = strchr (zcat, '/'))
        *p = '\\';
-      zcat = (char *) realloc (zcat, strlen (zcat) + sizeof (" -dc ") + 4096);
-      zcat_end = strchr (strcat (zcat, " -dc "), '\0');
+      zcat = (char *) realloc (zcat, strlen (zcat) + sizeof (" -dc /") + MAX_PATH);
+      zcat_end = strchr (strcat (zcat, " -dc /"), '\0');
     }
 
   strcpy (zcat_end, filelist);
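Review bot: the realloc result is assigned straight back to zcat and passed to strcat with no NULL check. On allocation failure the original block is leaked and strcat dereferences NULL. Assign to a temporary, test it, and only then overwrite zcat. The new size itself is consistent with filelist: sizeof (" -dc /") already counts the terminating NUL, so strlen (zcat) + sizeof (" -dc /") + MAX_PATH leaves room for the MAX_PATH characters that strcpy (zcat_end, filelist) can copy. That holds only while filelist stays within its own MAX_PATH + 1 buffer, which is worth stating in a comment next to the allocation.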
@@ -262,7 +262,7 @@ check_package_files (int verbose, char *
 
   bool result = true;
   char buf[MAX_PATH + 1];
-  while (fgets (buf, 4096, fp))
+  while (fgets (buf, MAX_PATH, fp))
     {
       char *filename = strtok(buf, "\n");
       if (filename[strlen (filename) - 1] == '/')
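Review bot: in the context lines after the fgets change, strtok (buf, "\n") returns NULL when the line read is just a newline, and filename[strlen (filename) - 1] then dereferences NULL. Skip the iteration when filename is NULL. For the changed line itself, fgets (buf, sizeof (buf), fp) would keep the limit tied to the declaration of buf instead of repeating MAX_PATH, and it is worth deciding what should happen with a list entry longer than the buffer, since fgets will return it in pieces and each piece will be checked as if it were a separate filename.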
