Enlightenment CVS committal

Author  : mej
Project : eterm
Module  : libast

Dir     : eterm/libast/src


Modified Files:
        conf.c mbuff.c obj.c 


Log Message:
Mon Jan 23 14:29:26 2006                        Michael Jennings (mej)

0.7 final release.  Includes fix for CVE-2006-0224 buffer overflow
discovered by Rosiello Security.  Details can be found at
http://www.rosiello.org/en/read_bugs.php?id=25
----------------------------------------------------------------------

===================================================================
RCS file: /cvsroot/enlightenment/eterm/libast/src/conf.c,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -3 -r1.26 -r1.27
--- conf.c      7 Mar 2005 22:29:07 -0000       1.26
+++ conf.c      23 Jan 2006 19:31:54 -0000      1.27
@@ -31,7 +31,7 @@
  * @author Michael Jennings <[EMAIL PROTECTED]>
  */
 
-static const char __attribute__((unused)) cvs_ident[] = "$Id: conf.c,v 1.26 
2005/03/07 22:29:07 mej Exp $";
+static const char __attribute__((unused)) cvs_ident[] = "$Id: conf.c,v 1.27 
2006/01/23 19:31:54 mej Exp $";
 
 #ifdef HAVE_CONFIG_H
 # include <config.h>
@@ -721,14 +721,12 @@
 
 /* The config file reader.  This looks for the config file by searching 
CONFIG_SEARCH_PATH.
    If it can't find a config file, it displays a warning but continues. -- mej 
*/
-
 spif_charptr_t 
 spifconf_find_file(const spif_charptr_t file, const spif_charptr_t dir, const 
spif_charptr_t pathlist)
 {
     static spif_char_t name[PATH_MAX], full_path[PATH_MAX];
     spif_charptr_t path, p;
-    short maxpathlen;
-    unsigned short len;
+    spif_int32_t len, maxpathlen;
     struct stat fst;
 
     REQUIRE_RVAL(file != NULL, NULL);
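Review bot: Declaring `len` and `maxpathlen` as `spif_int32_t` leaves the later guard `(maxpathlen = sizeof(name) - len - 2) <= 0` relying on unsigned arithmetic. The subtraction is evaluated in `size_t` and can only go negative through the conversion back to a signed type on assignment. That conversion is implementation-defined when the value does not fit, so the check depends on platform behaviour rather than on the arithmetic itself. Keeping lengths in `size_t` and writing the bound as a comparison that cannot wrap, for example `if ((size_t) len + 2 >= sizeof(name))`, would make the intent explicit. The function body continues outside this hunk, so how `len` is reassigned before that guard is not visible here.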
@@ -737,6 +735,13 @@
     D_CONF(("spifconf_find_file(\"%s\", \"%s\", \"%s\") called from directory 
\"%s\".\n",
             file, NONULL(dir), NONULL(pathlist), name));
 
+    /* Make sure our supplied settings don't overflow. */
+    len = strlen(SPIF_CAST_C(char *) file) + ((dir) ? (strlen(SPIF_CAST_C(char 
*) dir)) : (0)) + 2;
+    if ((len > SPIF_CAST(int32) sizeof(name)) || (len <= 0)) {
+        D_CONF(("Too big.  I lose. :(\n"));
+        return ((spif_charptr_t) NULL);
+    }
+
     if (dir) {
         strcpy(SPIF_CAST_C(char *) name, SPIF_CAST_C(char *) dir);
         strcat(SPIF_CAST_C(char *) name, "/");
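Review bot: The new guard narrows the `size_t` sum of two `strlen()` results into a signed `spif_int32_t` before comparing it with `sizeof(name)`, so the bound is checked on a converted value and the `len <= 0` arm only catches sums that land at or below zero after conversion. Keeping the sum unsigned avoids that: `size_t need = strlen(SPIF_CAST_C(char *) file) + (dir ? strlen(SPIF_CAST_C(char *) dir) : 0) + 2;` followed by `if (need > sizeof(name)) return ((spif_charptr_t) NULL);`. The `strcpy`/`strcat` calls that follow are still unbounded and depend entirely on this check, so a short comment above them saying so would stop a later edit from moving or weakening the guard. The rejection is reported only through `D_CONF`, which appears to be a debug-only macro, so callers in a normal build would get NULL with no diagnostic. The function continues outside the hunk.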
@@ -756,7 +761,7 @@
     /* maxpathlen is the longest possible path we can stuff into name[].  The 
- 2 saves room for
        an additional / and the trailing null. */
     if ((maxpathlen = sizeof(name) - len - 2) <= 0) {
-        D_CONF(("Too big.  I lose. :(\n", name));
+        D_CONF(("Too big.  I lose. :(\n"));
         return ((spif_charptr_t) NULL);
     }
 
===================================================================
RCS file: /cvsroot/enlightenment/eterm/libast/src/mbuff.c,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -3 -r1.1 -r1.2
--- mbuff.c     15 Dec 2004 00:00:22 -0000      1.1
+++ mbuff.c     23 Jan 2006 19:31:54 -0000      1.2
@@ -21,7 +21,7 @@
  * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
  */
 
-static const char __attribute__((unused)) cvs_ident[] = "$Id: mbuff.c,v 1.1 
2004/12/15 00:00:22 mej Exp $";
+static const char __attribute__((unused)) cvs_ident[] = "$Id: mbuff.c,v 1.2 
2006/01/23 19:31:54 mej Exp $";
 
 #ifdef HAVE_CONFIG_H
 # include <config.h>
@@ -495,7 +495,7 @@
     REQUIRE_RVAL(self->buff != SPIF_NULL_TYPE(byteptr), FALSE);
 
     for (j = 0, i = self->len - 1; i > j; i--, j++) {
-        (void) BINSWAP(tmp[j], tmp[i]);
+        SWAP(tmp[j], tmp[i]);
     }
     return TRUE;
 }
===================================================================
RCS file: /cvsroot/enlightenment/eterm/libast/src/obj.c,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -3 -r1.27 -r1.28
--- obj.c       23 Jul 2004 21:38:39 -0000      1.27
+++ obj.c       23 Jan 2006 19:31:54 -0000      1.28
@@ -28,11 +28,11 @@
  * This file contains the basic object class.
  *
  * @author Michael Jennings <[EMAIL PROTECTED]>
- * $Revision: 1.27 $
- * $Date: 2004/07/23 21:38:39 $
+ * $Revision: 1.28 $
+ * $Date: 2006/01/23 19:31:54 $
  */
 
-static const char __attribute__((unused)) cvs_ident[] = "$Id: obj.c,v 1.27 
2004/07/23 21:38:39 mej Exp $";
+static const char __attribute__((unused)) cvs_ident[] = "$Id: obj.c,v 1.28 
2006/01/23 19:31:54 mej Exp $";
 
 #ifdef HAVE_CONFIG_H
 # include <config.h>
@@ -390,7 +390,7 @@
 spif_obj_set_class(spif_obj_t self, spif_class_t cls)
 {
     ASSERT_RVAL(!SPIF_OBJ_ISNULL(self), FALSE);
-    SPIF_OBJ(self)->cls = cls;
+    self->cls = cls;
     return TRUE;
 }
 



