Gentoo's Bugzilla – Attachment 646462 Details for
Bug 711818
sci-biology/bwa: Buffer overflow (long prefix) in bns_fasta2bntseq, bns_dump (CVE-2019-11371)
[patch]
fix-buffer-overflows.patch
fix-buffer-overflows.patch (text/plain), 2.51 KB, created by
John Helmert III
on 2020-06-26 05:34:38 UTC
Description:
fix-buffer-overflows.patch
Filename:
MIME Type:
Creator:
John Helmert III
Created:
2020-06-26 05:34:38 UTC
Size:
2.51 KB
>diff --git a/bntseq.c b/bntseq.c
>index 65f7e93..ed4ce6a 100644
>--- a/bntseq.c
>+++ b/bntseq.c
>@@ -69,7 +69,7 @@ void bns_dump(const bntseq_t *bns, const char *prefix)
> FILE *fp;
> int i;
> { // dump .ann
>- strcpy(str, prefix); strcat(str, ".ann");
>+ snprintf(str, sizeof(str), "%s.ann", prefix);
> fp = xopen(str, "w");
> err_fprintf(fp, "%lld %d %u\n", (long long)bns->l_pac, bns->n_seqs, bns->seed);
> for (i = 0; i != bns->n_seqs; ++i) {
>@@ -83,7 +83,7 @@ void bns_dump(const bntseq_t *bns, const char *prefix)
> err_fclose(fp);
> }
> { // dump .amb
>- strcpy(str, prefix); strcat(str, ".amb");
>+ snprintf(str, sizeof(str), "%s.amb", prefix);
> fp = xopen(str, "w");
> err_fprintf(fp, "%lld %d %u\n", (long long)bns->l_pac, bns->n_seqs, bns->n_holes);
> for (i = 0; i != bns->n_holes; ++i) {
>@@ -171,12 +171,13 @@ bntseq_t *bns_restore(const char *prefix)
> char ann_filename[1024], amb_filename[1024], pac_filename[1024], alt_filename[1024];
> FILE *fp;
> bntseq_t *bns;
>- strcat(strcpy(ann_filename, prefix), ".ann");
>- strcat(strcpy(amb_filename, prefix), ".amb");
>- strcat(strcpy(pac_filename, prefix), ".pac");
>+ snprintf(ann_filename, sizeof(ann_filename), "%s.ann", prefix);
>+ snprintf(amb_filename, sizeof(amb_filename), "%s.amb", prefix);
>+ snprintf(pac_filename, sizeof(pac_filename), "%s.pac", prefix);
> bns = bns_restore_core(ann_filename, amb_filename, pac_filename);
> if (bns == 0) return 0;
>- if ((fp = fopen(strcat(strcpy(alt_filename, prefix), ".alt"), "r")) != 0) { // read .alt file if present
>+ snprintf(alt_filename, sizeof(alt_filename), "%s.alt", prefix);
>+ if ((fp = fopen(alt_filename, "r")) != 0) { // read .alt file if present
> char str[1024];
> khash_t(str) *h;
> int c, i, absent;
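Review bot: The `snprintf` call in the first `bns_dump` hunk (`@@ -69,7 +69,7 @@`) discards its return value, so a prefix that does not fit is cut off silently and `xopen(str, "w")` then creates a file under a truncated name instead of failing. The same applies to the `.amb` hunk, the four calls in `bns_restore` (where an over-long prefix can collapse all four names to the same truncated string) and the `.pac` call in `bns_fasta2bntseq`. Check the result at each call, e.g. `int n = snprintf(str, sizeof(str), "%s.ann", prefix);` followed by `if (n < 0 || (size_t)n >= sizeof(str)) { /* report and abort, as the .alt name check does */ }`. The declarations of `str` in `bns_dump` and `name` in `bns_fasta2bntseq` are outside these hunks; `sizeof` bounds the write correctly only if both are arrays rather than pointers.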
>@@ -197,7 +198,13 @@ bntseq_t *bns_restore(const char *prefix)
> }
> while (c != '\n' && c != EOF) c = fgetc(fp);
> i = 0;
>- } else str[i++] = c; // FIXME: potential segfault here
>+ } else {
>+ if (i >= 1022) {
>+ fprintf(stderr, "[E::%s] sequence name longer than 1023 characters. Abort!\n", __func__);
>+ exit(1);
>+ }
>+ str[i++] = c;
>+ }
> }
> kh_destroy(str, h);
> fclose(fp);
>@@ -294,7 +301,7 @@ int64_t bns_fasta2bntseq(gzFile fp_fa, const char *prefix, int for_only)
> bns->ambs = (bntamb1_t*)calloc(m_holes, sizeof(bntamb1_t));
> pac = calloc(m_pac/4, 1);
> q = bns->ambs;
>- strcpy(name, prefix); strcat(name, ".pac");
>+ snprintf(name, sizeof(name), "%s.pac", prefix);
> fp = xopen(name, "wb");
> // read sequences
> while (kseq_read(seq) >= 0) pac = add1(seq, bns, pac, &m_pac, &m_seqs, &m_holes, &q);
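Review bot: The bound `if (i >= 1022)` in the `@@ -197,7 +198,13 @@` hunk of `bns_restore` is a magic number that disagrees with its own error message: a name of exactly 1023 characters is rejected although the text says only longer names are. Tie the limit to the buffer declared as `char str[1024]`, e.g. `if (i >= (int)sizeof(str) - 1) {`, which still reserves one byte for the terminator and matches the message. The statement that writes the terminator is outside the hunk, so confirm that it stores at `str[i]` and nowhere beyond. A short comment such as `/* keep room for the trailing NUL */` above the check would record why the limit is one less than the buffer size.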
Attachments on
bug 711818
: 646462