OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: r...@openpkg.org
Module: openpkg-src Date: 02-Sep-2009 14:41:26
Branch: HEAD Handle: 2009090213412600
Modified files:
openpkg-src/file file.patch file.spec
Log:
apply bugfixes for out-of-bound access from Jeff Johnson
Summary:
Revision Changes Path
1.15 +39 -42 openpkg-src/file/file.patch
1.96 +1 -1 openpkg-src/file/file.spec
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/file/file.patch
============================================================================
$ cvs diff -u -r1.14 -r1.15 file.patch
--- openpkg-src/file/file.patch 30 Aug 2008 20:59:42 -0000 1.14
+++ openpkg-src/file/file.patch 2 Sep 2009 12:41:26 -0000 1.15
@@ -1,17 +1,18 @@
Index: src/apprentice.c
---- src/apprentice.c.orig 2008-07-26 17:03:55 +0200
-+++ src/apprentice.c 2008-08-30 22:53:20 +0200
-@@ -697,6 +697,7 @@
- file_oomem(ms, maxmagic * sizeof(*marray));
- return -1;
- }
-+ memset(marray, 0, maxmagic * sizeof(*marray));
- marraycount = 0;
-
- /* print silly verbose header for USG compat. */
+--- src/apprentice.c.orig 2009-09-02 14:35:59 +0200
++++ src/apprentice.c 2009-09-02 14:37:30 +0200
+@@ -791,7 +791,7 @@
+ for (i = 0; i < marraycount; i++)
+ mentrycount += marray[i].cont_count;
+
+- slen = sizeof(**magicp) * mentrycount;
++ slen = sizeof(**magicp) * (mentrycount + 1);
+ if ((*magicp = CAST(struct magic *, malloc(slen))) == NULL) {
+ file_oomem(ms, slen);
+ errs++;
Index: src/compress.c
---- src/compress.c.orig 2008-07-26 17:03:55 +0200
-+++ src/compress.c 2008-08-30 22:53:20 +0200
+--- src/compress.c.orig 2009-03-23 15:21:51 +0100
++++ src/compress.c 2009-09-02 14:35:59 +0200
@@ -167,7 +167,7 @@
* `safe' read for sockets and pipes.
*/
@@ -40,18 +41,18 @@
(void)fprintf(stderr, "Read failed (%s)\n",
strerror(errno));
Index: src/file.h
---- src/file.h.orig 2008-07-26 17:03:55 +0200
-+++ src/file.h 2008-08-30 22:53:20 +0200
-@@ -370,7 +370,7 @@
+--- src/file.h.orig 2009-03-17 22:52:35 +0100
++++ src/file.h 2009-09-02 14:35:59 +0200
+@@ -385,7 +385,7 @@
protected void file_showstr(FILE *, const char *, size_t);
protected size_t file_mbswidth(const char *);
protected const char *file_getbuffer(struct magic_set *);
-protected ssize_t sread(int, void *, size_t, int);
+protected ssize_t file_sread(int, void *, size_t, int);
protected int file_check_mem(struct magic_set *, unsigned int);
- protected int file_looks_utf8(const unsigned char *, size_t, unichar *,
size_t *);
-
-@@ -391,9 +391,11 @@
+ protected int file_looks_utf8(const unsigned char *, size_t, unichar *,
+ size_t *);
+@@ -412,9 +412,11 @@
#endif
#ifndef HAVE_VASPRINTF
@@ -64,9 +65,9 @@
#endif
Index: src/funcs.c
---- src/funcs.c.orig 2008-07-26 17:03:55 +0200
-+++ src/funcs.c 2008-08-30 22:53:20 +0200
-@@ -29,6 +29,7 @@
+--- src/funcs.c.orig 2009-04-07 13:07:00 +0200
++++ src/funcs.c 2009-09-02 14:35:59 +0200
+@@ -34,6 +34,7 @@
#include <stdarg.h>
#include <stdlib.h>
#include <string.h>
@@ -74,7 +75,7 @@
#include <ctype.h>
#if defined(HAVE_WCHAR_H)
#include <wchar.h>
-@@ -346,3 +347,108 @@
+@@ -424,3 +425,108 @@
#endif /* ENABLE_CONDITIONALS */
return 0;
}
@@ -184,8 +185,8 @@
+#endif
+
Index: src/getopt_long.h
---- /dev/null 2008-08-30 22:55:00 +0200
-+++ src/getopt_long.h 2008-08-30 22:53:20 +0200
+--- /dev/null 2009-09-02 14:37:02 +0200
++++ src/getopt_long.h 2009-09-02 14:35:59 +0200
@@ -0,0 +1,14 @@
+#ifndef __GETOPT_LONG_H
+#define __GETOPT_LONG_H 1
@@ -202,9 +203,9 @@
+
+#endif
Index: src/magic.c
---- src/magic.c.orig 2008-07-26 17:03:55 +0200
-+++ src/magic.c 2008-08-30 22:53:20 +0200
-@@ -334,7 +334,7 @@
+--- src/magic.c.orig 2009-03-20 22:25:41 +0100
++++ src/magic.c 2009-09-02 14:35:59 +0200
+@@ -306,7 +306,7 @@
if (ispipe) {
ssize_t r = 0;
@@ -214,19 +215,15 @@
nbytes += r;
if (r < PIPE_BUF) break;
Index: src/softmagic.c
---- src/softmagic.c.orig 2008-07-28 19:25:21 +0200
-+++ src/softmagic.c 2008-08-30 22:53:20 +0200
-@@ -302,10 +302,9 @@
- }
+--- src/softmagic.c.orig 2009-09-02 14:35:59 +0200
++++ src/softmagic.c 2009-09-02 14:37:59 +0200
+@@ -191,8 +191,7 @@
+ if (file_check_mem(ms, ++cont_level) == -1)
+ return -1;
+
+- while (magic[magindex+1].cont_level != 0 &&
+- ++magindex < nmagic) {
++ while (magindex+1 < nmagic && magic[++magindex].cont_level) {
+ m = &magic[magindex];
+ ms->line = m->lineno; /* for messages */
- #ifndef HAVE_STRNDUP
--char * strndup(const char *, size_t);
--
--char *
--strndup(const char *str, size_t n)
-+#define strndup(str,n) magic_strndup(str,n)
-+static char *
-+magic_strndup(const char *str, size_t n)
- {
- size_t len;
- char *copy;
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/file/file.spec
============================================================================
$ cvs diff -u -r1.95 -r1.96 file.spec
--- openpkg-src/file/file.spec 24 May 2009 09:22:47 -0000 1.95
+++ openpkg-src/file/file.spec 2 Sep 2009 12:41:26 -0000 1.96
@@ -36,7 +36,7 @@
Group: Filesystem
License: BSD
Version: %{V_api_c}
-Release: 20090524
+Release: 20090902
# package options
%option with_perl no
@@ .
______________________________________________________________________
OpenPKG http://openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org
