[Frugalware-darcs] frugalware-0.6: findutils-4.3.2-2terminus1-i686

voroskoi voroskoi at frugalware.org
Thu Jun 7 19:54:57 CEST 2007


Darcsweb-Url: http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=frugalware-0.6;a=darcs_commitdiff;h=20070607174433-dd049-7a96d090533cbd46e4256e091e4e75c49a2f27c4.gz;

[findutils-4.3.2-2terminus1-i686
voroskoi <voroskoi at frugalware.org>**20070607174433
 secfix relbump, closes #2128
] {
addfile ./source/base/findutils/CVE-2007-2452.diff
hunk ./source/base/findutils/CVE-2007-2452.diff 1
+--- a/locate/locate.c	2007/04/22 16:57:42	1.58.2.2
++++ b/locate/locate.c	2007/05/30 20:45:37	1.58.2.3
+@@ -124,9 +124,9 @@
+ =

+ #include "locatedb.h"
+ #include <getline.h>
+-#include "../gnulib/lib/xalloc.h"
+-#include "../gnulib/lib/error.h"
+-#include "../gnulib/lib/human.h"
++#include "xalloc.h"
++#include "error.h"
++#include "human.h"
+ #include "dirname.h"
+ #include "closeout.h"
+ #include "nextelem.h"
+@@ -468,10 +468,36 @@
+   return VISIT_CONTINUE;
+ }
+ =

++static void
++toolong (struct process_data *procdata)
++{
++  error (1, 0,
++	 _("locate database %s contains a "
++	   "filename longer than locate can handle"),
++	 procdata->dbfile);
++}
++
++static void
++extend (struct process_data *procdata, size_t siz1, size_t siz2)
++{
++  /* Figure out if the addition operation is safe before performing it. *=
/
++  if (SIZE_MAX - siz1 < siz2)
++    {
++      toolong (procdata);
++    }
++  else if (procdata->pathsize < (siz1+siz2))
++    {
++      procdata->pathsize =3D siz1+siz2;
++      procdata->original_filename =3D x2nrealloc (procdata->original_file=
name,
++						&procdata->pathsize,
++						1);
++    }
++}
++
+ static int
+ visit_old_format(struct process_data *procdata, void *context)
+ {
+-  register char *s;
++  register size_t i;
+   (void) context;
+ =

+   /* Get the offset in the path where this path info starts.  */
+@@ -479,20 +505,35 @@
+     procdata->count +=3D getw (procdata->fp) - LOCATEDB_OLD_OFFSET;
+   else
+     procdata->count +=3D procdata->c - LOCATEDB_OLD_OFFSET;
++  assert(procdata->count > 0);
+ =

+-  /* Overlay the old path with the remainder of the new.  */
+-  for (s =3D procdata->original_filename + procdata->count;
++  /* Overlay the old path with the remainder of the new.  Read =

++   * more data until we get to the next filename.
++   */
++  for (i=3Dprocdata->count;
+        (procdata->c =3D getc (procdata->fp)) > LOCATEDB_OLD_ESCAPE;)
+-    if (procdata->c < 0200)
+-      *s++ =3D procdata->c;		/* An ordinary character.  */
+-    else
+-      {
+-	/* Bigram markers have the high bit set. */
+-	procdata->c &=3D 0177;
+-	*s++ =3D procdata->bigram1[procdata->c];
+-	*s++ =3D procdata->bigram2[procdata->c];
+-      }
+-  *s-- =3D '\0';
++    {
++      if (procdata->c < 0200)
++	{
++	  /* An ordinary character. */	  =

++	  extend (procdata, i, 1u);
++	  procdata->original_filename[i++] =3D procdata->c;
++	}
++      else
++	{
++	  /* Bigram markers have the high bit set. */
++	  extend (procdata, i, 2u);
++	  procdata->c &=3D 0177;
++	  procdata->original_filename[i++] =3D procdata->bigram1[procdata->c];
++	  procdata->original_filename[i++] =3D procdata->bigram2[procdata->c];
++	}
++    }
++
++  /* Consider the case where we executed the loop body zero times; we
++   * still need space for the terminating null byte. =

++   */
++  extend (procdata, i, 1u);
++  procdata->original_filename[i] =3D 0;
+ =

+   procdata->munged_filename =3D procdata->original_filename;
+   =

hunk ./source/base/findutils/FrugalBuild 6
-pkgrel=3D1
+pkgrel=3D2terminus1
hunk ./source/base/findutils/FrugalBuild 13
-source=3D(ftp://alpha.gnu.org/pub/gnu/findutils/$pkgname-$pkgver.tar.gz)
-signatures=3D($source.sig)
+source=3D(ftp://alpha.gnu.org/pub/gnu/findutils/$pkgname-$pkgver.tar.gz CV=
E-2007-2452.diff)
+signatures=3D($source.sig '')
}


More information about the Frugalware-darcs mailing list