dviljk as shipped in app-text/texlive-core-2007-r4 is vulnerable to multiple buffer overflows and insecure temporary file creation. See attached patch for details.
Created attachment 135304: dviljk-security-fixes
Extracted from Debian's texlive package.
Alexis, please advise.
Wow, this patch is ugly, lots of cosmetic changes. I'll have to clean it a bit first. Besides that, I'll have to check it very carefully; some things concern me:
+ if ( include_file ) {
include_file is a pointer, initialized to NULL, so imho tests against zero should be replaced by tests for being different from NULL (sometimes it's tested against NULL, other times against zero). Otherwise, on a first read, the patch seems sane.
(In reply to comment #3)
> wow this patch is ugly, lots of cosmetic changes. I'll have to clean it a bit
> first.
Sorry, it's the way upstream committed it.
> Besides that, I'll have to check it very carefully; some things concern me:
> + if ( include_file ) {
>
> include_file is a pointer, initialized to NULL so imho tests to zero should be
> replaced by test to be different of NULL (and sometimes its tested against
> NULL, some others against zero)
Isn't 0 == NULL?
(In reply to comment #4)
> > Besides that, I'll have to check it very carefully; some things concern me:
> > + if ( include_file ) {
> >
> > include_file is a pointer, initialized to NULL so imho tests to zero should be
> > replaced by test to be different of NULL (and sometimes its tested against
> > NULL, some others against zero)
>
> Isn't 0 == NULL?
Usually yes, but iirc the standards don't specify it. I'll check that.
After checking: if(mypointer) is perfectly valid for checking against null; it's mypointer=0 that is not. Fixed in -r5; I removed most of the cosmetic changes.
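For reference, an added example illustrating the two things this thread touches on: the null-check question (whether `if (p)` differs from a comparison against NULL or 0) and the kind of change a buffer-overflow / insecure-temp-file fix usually consists of. This is example code written for this page, not dviljk's source and not the attached patch; the function names, the `dvilj-example.` file-name prefix and the sample strings are assumptions made for the example.

```c
/* Added example for this bug thread: not dviljk's code and not the attached
 * patch. It shows (1) that if (p), p != NULL and p != 0 are the same null
 * check in C, and (2) the two fixes such a patch typically makes: a bounded
 * copy instead of an unchecked one, and mkstemp() instead of a predictable
 * temp file name. Function names and the "dvilj-example." prefix are
 * assumptions made for the example. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* (1) All three spellings test the same thing: an integer constant 0 used in
 * pointer context is a null pointer constant, and NULL expands to one.
 * Returns 1 when the three forms agree for the given pointer. */
int null_check_styles_agree(const char *p)
{
    int by_null  = (p != NULL);
    int by_zero  = (p != 0);
    int by_truth = p ? 1 : 0;
    return by_null == by_zero && by_zero == by_truth;
}

/* (2a) Copy src into a fixed-size dst only if it fits, terminator included.
 * Returns 0 on success, -1 (dst untouched) when it would overflow; this is
 * exactly the check an unchecked strcpy()/sprintf() into a char[N] lacks. */
int copy_bounded(char *dst, size_t dstsz, const char *src)
{
    size_t n = strlen(src);
    if (dstsz == 0 || n >= dstsz)
        return -1;
    memcpy(dst, src, n + 1);
    return 0;
}

/* Exercise copy_bounded() on a char[8] with constructed inputs: returns 1 if
 * a 7-byte string is accepted, an 8-byte string is refused, and the buffer
 * still holds the first string afterwards. */
int copy_bounded_demo(void)
{
    char buf[8];
    if (copy_bounded(buf, sizeof buf, "1234567") != 0)
        return 0;
    if (copy_bounded(buf, sizeof buf, "12345678") != -1)
        return 0;
    return strcmp(buf, "1234567") == 0;
}

/* (2b) Create a temp file with mkstemp(): the name is unpredictable and the
 * file is opened O_CREAT|O_EXCL with mode 0600, so a pre-placed symlink or a
 * world-readable file (the classic tmpnam()/fixed-name problems) cannot be
 * used against it. On success the real path is left in path_out and the open
 * descriptor is returned; -1 on failure. */
int make_temp_file(char *path_out, size_t sz)
{
    const char *tmpdir = getenv("TMPDIR");
    if (tmpdir == NULL || *tmpdir == '\0')
        tmpdir = "/tmp";
    int n = snprintf(path_out, sz, "%s/dvilj-example.XXXXXX", tmpdir);
    if (n < 0 || (size_t)n >= sz)
        return -1;                /* template would not fit: refuse, don't truncate */
    return mkstemp(path_out);     /* replaces the XXXXXX in place */
}

/* Create, write to, close and unlink a temp file: returns 1 on success. */
int temp_file_demo(void)
{
    char path[512];
    int fd = make_temp_file(path, sizeof path);
    if (fd < 0)
        return 0;
    int ok = (write(fd, "dvi\n", 4) == 4);
    ok = (close(fd) == 0) && ok;
    ok = (unlink(path) == 0) && ok;
    return ok;
}

int main(void)
{
    printf("null-check styles agree: %d %d\n",
           null_check_styles_agree(NULL), null_check_styles_agree("x"));
    printf("bounded copy demo: %d\n", copy_bounded_demo());
    printf("temp file demo: %d\n", temp_file_demo());
    return 0;
}
```

The null-check part only shows that the three comparison styles in the patch are interchangeable, so mixing them is a style issue rather than a correctness one; the other two functions show the shape of the actual fixes (a length check before the copy, and mkstemp() rather than a predictable name) without claiming anything about which dviljk call sites the Debian patch touched.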
Created attachment 135423: texlive-core-2007-dviljk-security-fixes.patch
Just for reference, the cleaned-up patch Alexis applied.
*texlive-core-2007-r5 (06 Nov 2007)

  06 Nov 2007; Alexis Ballier <aballier@gentoo.org> -texlive-core-2007-r3.ebuild,
  -texlive-core-2007-r4.ebuild, +texlive-core-2007-r5.ebuild:
  fixes for buffer overflow in dviljk, bug #198229