Package: librxtx-java Version: 2.2pre2-10 Severity: normal Tags: upstream patch
As reported in: http://mailman.qbang.org/pipermail/rxtx/2009-May/10897125.html java fails with a buffer overflow when a locked serial device is opened from the library. I'm attaching a patch that uses snprintf when reporting fhs_lock errors. -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=ca_ES.UTF-8, LC_CTYPE=ca_ES.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages librxtx-java depends on: ii libc6 2.13-32 librxtx-java recommends no packages. librxtx-java suggests no packages. -- no debconf information -- Sergio Talens-Oliag <s...@debian.org> <http://people.debian.org/~sto/> Key fingerprint = 29DF 544F 1BD9 548C 8F15 86EF 6770 052B B8C1 FA69
Description: Java fails with a buffer overflow when there's a locked serial device, see http://mailman.qbang.org/pipermail/rxtx/2009-May/10897125.html. Author: Sergio Talens-Oliag <s...@debian.org> Index: rxtx-2.2pre2/CNI/SerialImp.c =================================================================== --- rxtx-2.2pre2.orig/CNI/SerialImp.c 2012-05-21 13:13:43.000000000 +0200 +++ rxtx-2.2pre2/CNI/SerialImp.c 2012-05-21 13:24:05.876652630 +0200 @@ -4752,7 +4752,7 @@ fd = open( file, O_CREAT | O_WRONLY | O_EXCL, 0444 ); if( fd < 0 ) { - sprintf( message, + snprintf( message, 79, "RXTX fhs_lock() Error: creating lock file: %s: %s\n", file, strerror(errno) ); report_error( message ); Index: rxtx-2.2pre2/src/SerialImp.c =================================================================== --- rxtx-2.2pre2.orig/src/SerialImp.c 2012-05-21 13:13:43.000000000 +0200 +++ rxtx-2.2pre2/src/SerialImp.c 2012-05-21 13:26:50.184644233 +0200 @@ -5307,7 +5307,7 @@ } if ( dev_lock( filename ) ) { - sprintf( message, + snprintf( message, 79, "RXTX fhs_lock() Error: creating lock file for: %s: %s\n", filename, strerror(errno) ); report_error( message ); @@ -5367,7 +5367,7 @@ fd = open( file, O_CREAT | O_WRONLY | O_EXCL, 0444 ); if( fd < 0 ) { - sprintf( message, + snprintf( message, 79, "RXTX fhs_lock() Error: creating lock file: %s: %s\n", file, strerror(errno) ); report_error( message ); Index: rxtx-2.2pre2/src/lfd/lockdaemon.c =================================================================== --- rxtx-2.2pre2.orig/src/lfd/lockdaemon.c 2007-04-26 07:26:07.000000000 +0200 +++ rxtx-2.2pre2/src/lfd/lockdaemon.c 2012-05-21 13:25:35.396648055 +0200 @@ -145,7 +145,7 @@ fd = open( file, O_CREAT | O_WRONLY | O_EXCL, 0444 ); if( fd < 0 ) { - sprintf( message, + snprintf( message, 79, "RXTX fhs_lock() Error: creating lock file: %s: %s\n", file, strerror(errno) ); syslog( LOG_INFO, message ); Index: rxtx-2.2pre2/src/lfd/lockdaemon.c.noinetd =================================================================== --- rxtx-2.2pre2.orig/src/lfd/lockdaemon.c.noinetd 2007-04-26 07:26:07.000000000 +0200 +++ rxtx-2.2pre2/src/lfd/lockdaemon.c.noinetd 2012-05-21 13:25:55.748647017 +0200 @@ -144,7 +144,7 @@ fd = open( file, O_CREAT | O_WRONLY | O_EXCL, 0444 ); if( fd < 0 ) { - sprintf( message, + snprintf( message, 79, "RXTX fhs_lock() Error: creating lock file: %s: %s\n", file, strerror(errno) ); syslog( LOG_INFO, message );
__ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
