Bug#: 191191
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Mobile Phone Developers <mobile-phone@gentoo.org>
Reporter: Tupone Alfredo <tupone@gentoo.org>

Attachments (Filename / Type / Creator / Created / Size):
gammu-1.12.0-fixups.patch   patch       Tupone Alfredo   2007-09-03 22:13 0000   3.93 KB
gammu-1.13.0.ebuild         text/plain  Tupone Alfredo   2007-09-04 20:03 0000   1.79 KB
gammu-1.13.0-fixups.patch   patch       Tupone Alfredo   2007-09-04 20:03 0000   1018 bytes
gammu-1.13.0-fixups.patch   patch       Alin Năstac      2007-09-05 19:01 0000   2.68 KB

Bug 191191 blocks: 191303


Description:   Opened: 2007-09-03 22:12 0000
I attached my Siemens C72 to my desktop and gammu failed, with a segmentation
violation, on at least 2 commands.
That is due to non-checking of buffer overflow in several places.

Reproducible: Always

I'm going to submit a patch that fixes these faults, just by increasing the size
of the array it is writing into. No guarantee that with a more powerful phone
you will not overflow even the patched one.

------- Comment #1 From Tupone Alfredo 2007-09-03 22:13:38 0000 -------
Created an attachment (id=129946) [details]
gammu-1.12.0-fixups.patch

I changed the already present patch file, adding my patches.

------- Comment #2 From Tupone Alfredo 2007-09-03 22:16:46 0000 -------
Maybe, instead of patching this version, it is better to have the 1.13.0 version
in the tree. The 1.13.0 does not need the old patch file anymore, just the new
one, as the 1.13.0 version is bugged too. At least we can hope upstream will
take it more into account for the "incoming".

I will test more commands to see what else is bugged.

------- Comment #3 From Tupone Alfredo 2007-09-04 20:03:15 0000 -------
Created an attachment (id=130031) [details]
gammu-1.13.0.ebuild

An ebuild for the 1.13.0 with the same fix

------- Comment #4 From Tupone Alfredo 2007-09-04 20:03:34 0000 -------
Created an attachment (id=130033) [details]
gammu-1.13.0-fixups.patch

------- Comment #5 From Alin Năstac 2007-09-05 16:40:33 0000 -------
But this doesn't completely fix the buffer overflow occurring in GSM_GetFirmware.
There are 2 places where the firmware buffer overflow will occur: the functions
GSM_Init and Backup (both in gammu.c).

Also SaveRingtoneEntry() could be modified to use a much smaller buffer (4096
bytes for instance) and do it safely.

------- Comment #6 From Alin Năstac 2007-09-05 19:01:16 0000 -------
Created an attachment (id=130106) [details]
gammu-1.13.0-fixups.patch

It seems it is not possible to reuse a buffer of fixed length for
SaveRingtoneEntry(), so I used dynamic allocation instead.

Please check this patch with your phone.
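
The description's "increase the array size" fix, Comment #5's fixed-size firmware buffers and Comment #6's switch to dynamic allocation for SaveRingtoneEntry() are three answers to the same defect. The following is an added illustration of that trade-off, not code from gammu or from either patch; FIRMWARE_LEN, the function names and the sample firmware string are all constructed for the example.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical array size; the real gammu field sizes are not on this page. */
#define FIRMWARE_LEN 32

/* The pattern the bug report describes: a phone-supplied string written
 * into a fixed array with no length check. Enlarging FIRMWARE_LEN only
 * moves the limit. Returns how many bytes an unchecked strcpy would write
 * past the array (0 means it fits). */
size_t firmware_copy_overflow(const char *from_phone)
{
    size_t needed = strlen(from_phone) + 1;      /* bytes strcpy writes */
    return needed > FIRMWARE_LEN ? needed - FIRMWARE_LEN : 0;
}

/* Fix 1: keep the fixed array but bound the copy. Always NUL-terminates;
 * returns 1 if the phone string had to be truncated so the caller can log it. */
int firmware_copy_bounded(char dst[FIRMWARE_LEN], const char *from_phone)
{
    size_t n = strlen(from_phone);
    int truncated = n >= FIRMWARE_LEN;
    if (truncated)
        n = FIRMWARE_LEN - 1;
    memcpy(dst, from_phone, n);
    dst[n] = '\0';
    return truncated;
}

/* Fix 2: the route Comment #6 took for SaveRingtoneEntry(): size the buffer
 * from the data instead of guessing a maximum. Caller frees the result. */
char *firmware_copy_dynamic(const char *from_phone)
{
    size_t len = strlen(from_phone);
    char *buf = malloc(len + 1);
    if (buf != NULL)
        memcpy(buf, from_phone, len + 1);
    return buf;
}

int main(void)
{
    /* Constructed sample, longer than FIRMWARE_LEN as a bigger phone might send. */
    const char *fw = "V 99.99 99-99-99 CONSTRUCTED-SAMPLE-FIRMWARE-STRING";
    char fixed[FIRMWARE_LEN];
    char *dyn = firmware_copy_dynamic(fw);
    int ok = firmware_copy_overflow(fw) > 0 && firmware_copy_bounded(fixed, fw) && dyn;
    free(dyn);
    return ok ? 0 : 1;
}
```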

------- Comment #7 From Michal Čihař 2007-09-05 22:43:23 0000 -------
The buffer sizes are fixed here in upstream:

http://viewsvn.cihar.com/viewvc.cgi/gammu?view=rev&revision=1388

Following patches merge your other changes:

http://viewsvn.cihar.com/viewvc.cgi/gammu?view=rev&revision=1389
http://viewsvn.cihar.com/viewvc.cgi/gammu?view=rev&revision=1390

------- Comment #8 From Alin Năstac 2007-09-06 10:05:31 0000 -------
The patched gammu-1.13.0 is now in the tree. The patch used is the one offered
by upstream.

Thanks!
