I attached my Siemens C72 to my desktop and gammu failed, with segment violation, at least 2 commands. That is due to non-checking of buffer overflow in several place. Reproducible: Always I'm going to submit a patch that fixes these faults, just increasing the size of the array it is writing into. No guarantee that with a more powerful phone you will not overflow even the patched one.
Created attachment 129946 [details, diff] gammu-1.12.0-fixups.patch I changed the already present patch file, adding my patches.
Maybe, instead of patching this version, is better to have the 1.13.0 version in the tree. The 1.13.0 does not need anymore the old patch file, just the new one, as the 1.13.0 version too is bugged. At least we can hope upstream will take more into account for the "incoming". I will test more commands to see what else is bugged.
Created attachment 130031 [details] gammu-1.13.0.ebuild An ebuild for the 1.13.0 with the same fix
Created attachment 130033 [details, diff] gammu-1.13.0-fixups.patch
But this don't fix completely the buffer overflow occured in GSM_GetFirmware. There are 2 places where firmware buffer overflow will occur: functions GSM_Init and Backup (both in gammu.c). Also SaveRingtoneEntry() could be modified to use a much smaller buffer (4096 bytes for instance) and do it safely.
Created attachment 130106 [details, diff] gammu-1.13.0-fixups.patch Seems it is not possible to reuse a buffer of fixed length for SaveRingtoneEntry() so I used dynamic allocation instead. Please check this patch with your phone.
The buffer sizes are fixed here in upstream: http://viewsvn.cihar.com/viewvc.cgi/gammu?view=rev&revision=1388 Following patches merge your other changes: http://viewsvn.cihar.com/viewvc.cgi/gammu?view=rev&revision=1389 http://viewsvn.cihar.com/viewvc.cgi/gammu?view=rev&revision=1390
The patched gammu-1.13.0 is now in the tree. The patch used is the one offered by upstream. Thanks!
