Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 48128 Details for
Bug 77408
app-text/enscript CAN-2004-118{4,5,6}: Multiple issues
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
CAN-2004-1186.patch
CAN-2004-1186.patch (text/plain), 1.74 KB, created by
Sune Kloppenborg Jeppesen (RETIRED)
on 2005-01-10 13:17:11 UTC
(
hide
)
Description:
CAN-2004-1186.patch
Filename:
MIME Type:
Creator:
Sune Kloppenborg Jeppesen (RETIRED)
Created:
2005-01-10 13:17:11 UTC
Size:
1.74 KB
patch
obsolete
>diff -u -p -Nr --exclude CVS enscript-1.6.3.CAN-2004-1185/debian/changelog enscript-1.6.3.CAN-2004-1186/debian/changelog >--- enscript-1.6.3.CAN-2004-1185/debian/changelog 2005-01-05 11:22:25.000000000 +0100 >+++ enscript-1.6.3.CAN-2004-1186/debian/changelog 2005-01-05 13:00:57.000000000 +0100 >@@ -6,6 +6,7 @@ enscript (1.6.3-1.2) stable-security; ur > CAN-2004-1184] > * Commented out code that will permit EPS files to be provided as > arbitrary programs to be executed [src/psgen.c, CAN-2004-1185] >+ * Fixed buffer overflows [src/util.c, src/psgen.c, CAN-2004-1186] > > -- > >diff -u -p -Nr --exclude CVS enscript-1.6.3.CAN-2004-1185/src/psgen.c enscript-1.6.3.CAN-2004-1186/src/psgen.c >--- enscript-1.6.3.CAN-2004-1185/src/psgen.c 2005-01-05 15:22:40.000000000 +0100 >+++ enscript-1.6.3.CAN-2004-1186/src/psgen.c 2005-01-05 15:22:44.000000000 +0100 >@@ -2034,8 +2034,9 @@ dump_ps_page_header (char *fname, int em > else > { > ftail++; >- strncpy (buf, fname, ftail - fname); >- buf[ftail - fname] = '\0'; >+ i = ftail - fname >= sizeof (buf)-1 ? sizeof (buf)-1 : ftail - fname; >+ strncpy (buf, fname, i); >+ buf[i] = '\0'; > } > > if (nup > 1) >diff -u -p -Nr --exclude CVS enscript-1.6.3.CAN-2004-1185/src/util.c enscript-1.6.3.CAN-2004-1186/src/util.c >--- enscript-1.6.3.CAN-2004-1185/src/util.c 2005-01-05 10:43:23.000000000 +0100 >+++ enscript-1.6.3.CAN-2004-1186/src/util.c 2005-01-05 15:22:23.000000000 +0100 >@@ -2003,7 +2003,8 @@ is_getc (InputStream *is) > return EOF; > > /* Read more data. */ >- is->data_in_buf = fread (is->buf, 1, sizeof (is->buf), is->fp); >+ memset (is->buf, 0, sizeof (is->buf)); >+ is->data_in_buf = fread (is->buf, 1, sizeof (is->buf)-1, is->fp); > is->bufpos = 0; > is->nreads++; >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=48128">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 77408
:
48126
|
48127
|
48128
|
48574
|
48577
