Gentoo's Bugzilla – Attachment 71064 Details for
Bug 108365
media-gfx/xloadimage, media-gfx/xli: buffer overflow (CVE-2001-0775)
[patch]
xli-gentoo.patch
xli-gentoo.patch (text/plain), 6.78 KB, created by
solar (RETIRED)
on 2005-10-20 05:09:46 UTC
Description:
xli-gentoo.patch
Filename:
MIME Type:
Creator:
solar (RETIRED)
Created:
2005-10-20 05:09:46 UTC
Size:
6.78 KB
patch
obsolete
>diff -Nrup xli-2005-02-27/imagetypes.c xli-2005-02-27/imagetypes.c
>--- xli-2005-02-27/imagetypes.c 1999-10-24 22:14:57.000000000 -0400
>+++ xli-2005-02-27/imagetypes.c 2005-10-18 07:53:46.000000000 -0400
>@@ -53,7 +53,7 @@ Image *loadImage(ImageOptions * image_op
> Image *image;
> int a;
>
>- if (findImage(image_ops->name, fullname) < 0) {
>+ if (findImage(image_ops->name, fullname, BUFSIZ) < 0) {
> if (errno == ENOENT)
> printf("%s: image not found\n", image_ops->name);
> else if (errno == EISDIR)
>@@ -95,7 +95,7 @@ void identifyImage(char *name)
> char fullname[BUFSIZ];
> int a;
>
>- if (findImage(name, fullname) < 0) {
>+ if (findImage(name, fullname, BUFSIZ) < 0) {
> if (errno == ENOENT)
> printf("%s: image not found\n", name);
> else if (errno == EISDIR)
>diff -Nrup xli-2005-02-27/path.c xli-2005-02-27/path.c
>--- xli-2005-02-27/path.c 2005-02-27 19:42:39.000000000 -0500
>+++ xli-2005-02-27/path.c 2005-10-18 07:56:45.000000000 -0400
>@@ -172,12 +172,12 @@ static int fileIsOk(char *fullname, stru
> /* find an image with paths and extensions from defaults files. returns
> * -1 if access denied or not found, 0 if ok.
> */
>-int findImage(char *name, char *fullname)
>+int findImage(char *name, char *fullname, size_t size)
> {
> unsigned int p, e;
> struct stat sbuf;
>
>- strcpy(fullname, name);
>+ strncpy(fullname, name, size);
> if (!strcmp(name, "stdin")) /* stdin is special name */
> return (0);
>
>@@ -185,26 +185,26 @@ int findImage(char *name, char *fullname
> if (!stat(fullname, &sbuf))
> return (fileIsOk(fullname, &sbuf));
> #ifndef NO_COMPRESS
>- strcat(fullname, ".Z");
>+ strncat(fullname, ".Z", size);
> if (!stat(fullname, &sbuf))
> return (fileIsOk(fullname, &sbuf));
> #endif
>
> for (p = 0; p < NumPaths; p++) {
>- sprintf(fullname, "%s/%s", Paths[p], name);
>+ snprintf(fullname, size, "%s/%s", Paths[p], name);
> if (!stat(fullname, &sbuf))
> return (fileIsOk(fullname, &sbuf));
> #ifndef NO_COMPRESS
>- strcat(fullname, ".Z");
>+ strncat(fullname, ".Z", size);
> if (!stat(fullname, &sbuf))
> #endif
> return (fileIsOk(fullname, &sbuf));
> for (e = 0; e < NumExts; e++) {
>- sprintf(fullname, "%s/%s%s", Paths[p], name, Exts[e]);
>+ snprintf(fullname, size, "%s/%s%s", Paths[p], name, Exts[e]);
> if (!stat(fullname, &sbuf))
> return (fileIsOk(fullname, &sbuf));
> #ifndef NO_COMPRESS
>- strcat(fullname, ".Z");
>+ strncat(fullname, ".Z", size);
> if (!stat(fullname, &sbuf))
> return (fileIsOk(fullname, &sbuf));
> #endif
>@@ -212,11 +212,11 @@ int findImage(char *name, char *fullname
> }
>
> for (e = 0; e < NumExts; e++) {
>- sprintf(fullname, "%s%s", name, Exts[e]);
>+ snprintf(fullname, size, "%s%s", name, Exts[e]);
> if (!stat(fullname, &sbuf))
> return (fileIsOk(fullname, &sbuf));
> #ifndef NO_COMPRESS
>- strcat(fullname, ".Z");
>+ strncat(fullname, ".Z", size);
> if (!stat(fullname, &sbuf))
> return (fileIsOk(fullname, &sbuf));
> #endif
>@@ -241,7 +241,7 @@ void listImages(void)
> for (a = 0; a < NumPaths; a++) {
> printf("%s:\n", Paths[a]);
> fflush(stdout);
>- sprintf(buf, "ls %s", Paths[a]);
>+ snprintf(buf, sizeof(buf)-1, "ls %s", Paths[a]);
> if (system(buf) < 0) {
> perror("ls");
> return;
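Review bot: `strncpy(fullname, name, size)` at the top of findImage (path.c, -172,12) leaves `fullname` without a terminating NUL whenever `name` is `size` bytes or longer, so the later `stat()` and `strncat()` calls read past the end of the buffer. A copy that always terminates, `int n = snprintf(fullname, size, "%s", name);` followed by `if (n < 0 || (size_t)n >= size) return -1;`, rejects an over-long name instead of silently truncating it. The `strncpy(buf,oimage->title, sizeof(buf)-1);` added in zoom.c (-52,30) has the same gap unless `buf` is zeroed beforehand, which that hunk does not show. findImage's body continues outside this hunk.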
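Review bot: The third argument of `strncat` is the maximum number of bytes to append from the source, not the size of the destination, so `strncat(fullname, ".Z", size)` in findImage (-185,26) bounds nothing. When `fullname` is already full, for instance after a truncating `snprintf`, the suffix and its NUL are still written past the end. Each call needs the remaining space instead, `strncat(fullname, ".Z", size - strlen(fullname) - 1);`, or the ".Z" suffix can be produced by a second `snprintf` whose result is checked. The same applies to the `strncat` in the -212,11 hunk and to both calls in expandPath (-296,14), where `sizeof(buf1)-1` and `sizeof(buf1)` describe the whole buffer rather than what is left after the bytes already in it.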
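Review bot: Bounding `buf` in listImages (-241,7) does not change the fact that `Paths[a]` is interpolated into a command line and run through `system()`, so shell metacharacters in a configured path entry are still interpreted by the shell. A path longer than `buf` now also yields a silently truncated command. Reading the directory with `opendir()`/`readdir()` removes the shell entirely; the sketch below prints entries unsorted, unlike `ls`. `buf` is declared outside the hunk, so `sizeof(buf)` is assumed to be an array size, and the `-1` is unnecessary because `snprintf` already reserves room for the NUL.

```c
for (a = 0; a < NumPaths; a++) {
	/* … unchanged: printf of the path heading, fflush(stdout) … */
	DIR *dir = opendir(Paths[a]);	/* no shell involved */
	struct dirent *ent;

	if (dir == NULL) {
		perror(Paths[a]);
		return;
	}
	while ((ent = readdir(dir)) != NULL) {
		if (ent->d_name[0] != '.')	/* like plain ls, skip dot entries */
			printf("%s\n", ent->d_name);
	}
	closedir(dir);
```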
>@@ -296,14 +296,14 @@ char *expandPath(char *p)
> var++;
> else if (*p == '~') {
> buf1[b1] = '\0';
>- strcat(buf1, getenv("HOME"));
>+ strncat(buf1, getenv("HOME"), sizeof(buf1)-1);
> b1 = strlen(buf1);
> var = 0;
> } else if (*p == '/' || *p == '}') {
> if (var) {
> buf1[b1] = '\0';
> buf2[b2] = '\0';
>- strcat(buf1, getenv(buf2));
>+ strncat(buf1, getenv(buf2), sizeof(buf1));
> b1 = strlen(buf1);
> buf2[0] = '\0';
> b2 = 0;
>diff -Nrup xli-2005-02-27/reduce.c xli-2005-02-27/reduce.c
>--- xli-2005-02-27/reduce.c 1999-10-24 22:15:02.000000000 -0400
>+++ xli-2005-02-27/reduce.c 2005-10-18 07:33:34.000000000 -0400
>@@ -178,7 +178,7 @@ Image *reduce(Image *image, unsigned col
> /* get destination image */
> depth = colorsToDepth(OutColors);
> new_image = newRGBImage(image->width, image->height, depth);
>- sprintf(buf, "%s (%d colors)", image->title, OutColors);
>+ snprintf(buf, sizeof(buf)-1, "%s (%d colors)", image->title, OutColors);
> new_image->title = dupString(buf);
> new_image->gamma = image->gamma;
>
>diff -Nrup xli-2005-02-27/rlelib.c xli-2005-02-27/rlelib.c
>--- xli-2005-02-27/rlelib.c 2005-10-18 07:40:51.000000000 -0400
>+++ xli-2005-02-27/rlelib.c 2005-10-18 07:48:12.000000000 -0400
>@@ -18,7 +18,7 @@
> #undef DEBUG
>
> #ifdef DEBUG
>-# define debug(xx) fprintf(stderr,xx)
>+# define debug(xx) fprintf(stderr, "%s", xx)
> #else
> # define debug(xx)
> #endif
>Files xli-2005-02-27/xli and xli-2005-02-27/xli differ
>diff -Nrup xli-2005-02-27/xli.h xli-2005-02-27/xli.h
>--- xli-2005-02-27/xli.h 1999-10-24 22:15:07.000000000 -0400
>+++ xli-2005-02-27/xli.h 2005-10-19 07:49:21.000000000 -0400
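Review bot: Both `getenv()` results in expandPath (path.c, -296,14) are passed straight to `strncat`, and `getenv` returns NULL when `HOME` or the variable named in `buf2` is unset, which is undefined behaviour in `strncat`. A guard such as `const char *val = getenv(buf2);` followed by `if (val != NULL) strncat(buf1, val, sizeof(buf1) - strlen(buf1) - 1);` covers the NULL case and uses the remaining space as the bound. The same guard is needed for the `"HOME"` lookup. expandPath starts and ends outside the hunk, so confirm there that `buf1` is an array, which is what makes `sizeof(buf1)` meaningful.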
>@@ -229,7 +229,7 @@ char *xlistrstr(char *s1, char *s2);
>
> /* path.c */
> char *expandPath(char *p);
>-int findImage(char *name, char *fullname);
>+int findImage(char *name, char *fullname, size_t size);
> void listImages(void);
> void loadPathsAndExts(void);
> void showPath(void);
>diff -Nrup xli-2005-02-27/xlito.c xli-2005-02-27/xlito.c
>--- xli-2005-02-27/xlito.c 2005-02-27 19:42:39.000000000 -0500
>+++ xli-2005-02-27/xlito.c 2005-10-18 07:48:54.000000000 -0400
>@@ -31,7 +31,7 @@ char *pname, *fname;
> #undef DEBUG
>
> #ifdef DEBUG
>-# define debug(xx) fprintf(stderr,xx)
>+# define debug(xx) fprintf(stderr, "%s", xx)
> #else
> # define debug(xx)
> #endif
>diff -Nrup xli-2005-02-27/zoom.c xli-2005-02-27/zoom.c
>--- xli-2005-02-27/zoom.c 2005-02-27 19:42:39.000000000 -0500
>+++ xli-2005-02-27/zoom.c 2005-10-18 07:35:42.000000000 -0400
>@@ -52,30 +52,30 @@ Image *zoom(Image *oimage, unsigned int
> if (verbose)
> printf(" Zooming image Y axis by %d%%...", yzoom);
> if (changetitle)
>- sprintf(buf, "%s (Y zoom %d%%)", oimage->title, yzoom);
>+ snprintf(buf, sizeof(buf)-1, "%s (Y zoom %d%%)", oimage->title, yzoom);
> }
> else if (!yzoom) {
> if (verbose)
> printf(" Zooming image X axis by %d%%...", xzoom);
> if (changetitle)
>- sprintf(buf, "%s (X zoom %d%%)", oimage->title, xzoom);
>+ snprintf(buf, sizeof(buf)-1, "%s (X zoom %d%%)", oimage->title, xzoom);
> }
> else if (xzoom == yzoom) {
> if (verbose)
> printf(" Zooming image by %d%%...", xzoom);
> if (changetitle)
>- sprintf(buf, "%s (%d%% zoom)", oimage->title, xzoom);
>+ snprintf(buf, sizeof(buf)-1, "%s (%d%% zoom)", oimage->title, xzoom);
> }
> else {
> if (verbose)
> printf(" Zooming image X axis by %d%% and Y axis by %d%%...",
> xzoom, yzoom);
> if (changetitle)
>- sprintf(buf, "%s (X zoom %d%% Y zoom %d%%)", oimage->title,
>+ snprintf(buf, sizeof(buf)-1, "%s (X zoom %d%% Y zoom %d%%)", oimage->title,
> xzoom, yzoom);
> }
> if (!changetitle)
>- strcpy(buf,oimage->title);
>+ strncpy(buf,oimage->title, sizeof(buf)-1);
>
> if (verbose)
> fflush(stdout);
Attachments on
bug 108365
:
70925
|
70928
| 71064 |
71196