Your message dated Tue, 03 Nov 2009 15:40:52 +0000
with message-id <[email protected]>
and subject line Bug#507201: fixed in lsb-appchk3 3.2.2-1.1
has caused the Debian Bug report #507201,
regarding lsb-appchk3: Missing include of stdlib.h and instances of printing a
string variable directly
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
507201: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507201
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: lsb-appchk3
Version: 3.2.2-1
Severity: normal
Tags: patch
User: [email protected]
Usertags: origin-ubuntu jaunty ubuntu-patch
Hi,
The slightly stricter compiler in Ubuntu picked up two issues with
your package.
Firstly there is a missing stdlib.h inclusion, so NULL isn't defined
for that file. If the compiler is stricter about header inclusion
then this causes a build failure.
The other is two instances of directly printing the value of a string
literal without using a format string. This can be a security
vulnerability if an attacker can control the value, but is more usually
just a programming issue as it can cause crashes depending on the value
of the string.
The attached patch fixes both issues, please consider applying it.
Thanks,
James
diff -u lsb-appchk3-3.2.2/tests/misc/appchk/appchk.c lsb-appchk3-3.2.2/tests/misc/appchk/appchk.c
--- lsb-appchk3-3.2.2/tests/misc/appchk/appchk.c
+++ lsb-appchk3-3.2.2/tests/misc/appchk/appchk.c
@@ -329,7 +329,7 @@
}
break;
case 'o':
- snprintf(output_filename, TMP_STRING_SIZE, optarg);
+ snprintf(output_filename, TMP_STRING_SIZE, "%s", optarg);
break;
case 'j':
do_journal = 1;
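Review bot: The return value of the new snprintf call in case 'o' is discarded, so an argument longer than TMP_STRING_SIZE - 1 characters is silently truncated and the tool carries on with a different output file name than the one given. Suggest testing the result, for example if (snprintf(output_filename, TMP_STRING_SIZE, "%s", optarg) >= TMP_STRING_SIZE), and reporting the error instead of continuing.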
@@ -341,7 +341,7 @@
do_missing_symbol = 1;
break;
case 'l':
- snprintf(list_filename, TMP_STRING_SIZE, optarg);
+ snprintf(list_filename, TMP_STRING_SIZE, "%s", optarg);
break;
default:
usage(argv[0]);
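Review bot: Case 'l' repeats the call from case 'o' with only the destination changed, and both pass TMP_STRING_SIZE as the size rather than deriving it from the destination buffer. Suggest one small helper used by both cases that takes the buffer and its size, writes with "%s" and reports truncation, so the two option paths cannot drift apart. Building with -Wformat -Wformat-security would also flag any other call in the tree that passes a non-literal as the format.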
only in patch2:
unchanged:
--- lsb-appchk3-3.2.2.orig/tests/misc/rpmchk/vals.c
+++ lsb-appchk3-3.2.2/tests/misc/rpmchk/vals.c
@@ -5,6 +5,7 @@
*
*/
#include "rpmchk.h"
+#include "stdlib.h"
/*
* This file contains some values which must match, and some places to
* stick things which are discovered in one place, but used in another.
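Review bot: The added line in vals.c includes a standard header with quotes, #include "stdlib.h", which searches the directory of the including file before the system include path, so a stray local stdlib.h would be picked up instead. Use #include <stdlib.h>. If NULL is the only thing needed from it, <stddef.h> is the narrower header.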
--- End Message ---
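The difference between the two snprintf forms in the report above, as an added example that is not part of the bug report or of lsb-appchk3. The helper names, the small TMP_STRING_SIZE value and the sample option values are assumptions constructed for the demonstration.

```c
#include <stdio.h>
#include <string.h>

#define TMP_STRING_SIZE 16   /* constructed small size so truncation is easy to see */

/* Unpatched pattern: the option value is used as the format string.
 * Only called here with "%%", whose behaviour is fully defined. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
static int copy_as_format(char *dst, size_t size, const char *arg)
{
    return snprintf(dst, size, arg);
}
#pragma GCC diagnostic pop

/* Patched pattern plus a truncation check (hypothetical helper).
 * Returns 0 on success, -1 if arg does not fit in dst. */
static int copy_as_data(char *dst, size_t size, const char *arg)
{
    int n = snprintf(dst, size, "%s", arg);
    return (n < 0 || (size_t)n >= size) ? -1 : 0;
}

int main(void)
{
    char a[TMP_STRING_SIZE], b[TMP_STRING_SIZE];
    const char *arg = "out%%.log";            /* constructed option value */

    copy_as_format(a, sizeof a, arg);         /* "%%" is interpreted and collapses to "%" */
    copy_as_data(b, sizeof b, arg);           /* bytes are copied unchanged */
    printf("as format: %s\nas data:   %s\n", a, b);

    /* An over-long value is reported instead of silently truncated. */
    if (copy_as_data(b, sizeof b, "a-very-long-output-name.log") != 0)
        puts("rejected: value does not fit");
    return 0;
}
```
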
--- Begin Message ---
Source: lsb-appchk3
Source-Version: 3.2.2-1.1
We believe that the bug you reported is fixed in the latest version of
lsb-appchk3, which is due to be installed in the Debian FTP archive:
lsb-appchk3_3.2.2-1.1.diff.gz
to main/l/lsb-appchk3/lsb-appchk3_3.2.2-1.1.diff.gz
lsb-appchk3_3.2.2-1.1.dsc
to main/l/lsb-appchk3/lsb-appchk3_3.2.2-1.1.dsc
lsb-appchk3_3.2.2-1.1_amd64.deb
to main/l/lsb-appchk3/lsb-appchk3_3.2.2-1.1_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Stefano Zacchiroli <[email protected]> (supplier of updated lsb-appchk3 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 01 Nov 2009 15:34:11 +0100
Source: lsb-appchk3
Binary: lsb-appchk3
Architecture: source amd64
Version: 3.2.2-1.1
Distribution: unstable
Urgency: low
Maintainer: Stuart R. Anderson <[email protected]>
Changed-By: Stefano Zacchiroli <[email protected]>
Description:
lsb-appchk3 - LSB v3.x Application checking tool
Closes: 507201
Changes:
lsb-appchk3 (3.2.2-1.1) unstable; urgency=low
.
* Non-maintainer upload.
* Fix snprintf usages (missing fmt string), include stdlib.h where NULL
is used. Fix FTBFS, Ubuntu patch by James Westby. (Closes: #507201)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iD8DBQFK7aAy1cqbBPLEI7wRAmfTAJ48BgMF4CmQvJquBq6XJmBzUb5zJwCfT2ne
EtYz8jOVzvyuzSvLy9DEnkk=
=UTp5
-----END PGP SIGNATURE-----
--- End Message ---