thomas: server/file file-cve-2007-1536.patch, NONE, 1.1 Makefile, 1.2, 1.3 kolab.patch, 1.1, 1.2

cvs at kolab.org cvs at kolab.org
Tue Apr 17 13:07:57 CEST 2007


Author: thomas

Update of /kolabrepository/server/file
In directory doto:/tmp/cvs-serv14325/file

Modified Files:
	Makefile kolab.patch 
Added Files:
	file-cve-2007-1536.patch 
Log Message:
Fix for CVE-2007-1536 (file)


--- NEW FILE: file-cve-2007-1536.patch ---
diff -urN file-4.15.orig/src/file.h file-4.15/src/file.h
--- file-4.15.orig/src/file.h	2005-07-29 19:57:20.000000000 +0200
+++ file-4.15/src/file.h	2007-04-17 12:57:57.976179000 +0200
@@ -234,7 +234,7 @@
 	/* Accumulation buffer */
 	char *buf;
 	char *ptr;
-	size_t len;
+	size_t left;
 	size_t size;
 	/* Printable buffer */
 	char *pbuf;
diff -urN file-4.15.orig/src/funcs.c file-4.15/src/funcs.c
--- file-4.15.orig/src/funcs.c	2005-07-12 22:05:38.000000000 +0200
+++ file-4.15/src/funcs.c	2007-04-17 12:57:57.976179000 +0200
@@ -26,6 +26,7 @@
  */
 #include "file.h"
 #include "magic.h"
+#include <assert.h>
 #include <stdarg.h>
 #include <stdlib.h>
 #include <string.h>
@@ -46,27 +47,31 @@
 file_printf(struct magic_set *ms, const char *fmt, ...)
 {
 	va_list ap;
-	size_t len;
+	size_t len, size;
 	char *buf;
 
 	va_start(ap, fmt);
 
-	if ((len = vsnprintf(ms->o.ptr, ms->o.len, fmt, ap)) >= ms->o.len) {
+	if ((len = vsnprintf(ms->o.ptr, ms->o.left, fmt, ap)) >= ms->o.left) {
+		long diff;  /* XXX: really ptrdiff_t */
+
 		va_end(ap);
-		if ((buf = realloc(ms->o.buf, len + 1024)) == NULL) {
+		size = (ms->o.size - ms->o.left) + len + 1024;
+		if ((buf = realloc(ms->o.buf, size)) == NULL) {
 			file_oomem(ms);
 			return -1;
 		}
-		ms->o.ptr = buf + (ms->o.ptr - ms->o.buf);
+		diff = ms->o.ptr - ms->o.buf;
+		ms->o.ptr = buf + diff;
 		ms->o.buf = buf;
-		ms->o.len = ms->o.size - (ms->o.ptr - ms->o.buf);
-		ms->o.size = len + 1024;
+		ms->o.left = size - diff;
+		ms->o.size = size;
 
 		va_start(ap, fmt);
-		len = vsnprintf(ms->o.ptr, ms->o.len, fmt, ap);
+		len = vsnprintf(ms->o.ptr, ms->o.left, fmt, ap);
 	}
 	ms->o.ptr += len;
-	ms->o.len -= len;
+	ms->o.left -= len;
 	va_end(ap);
 	return 0;
 }
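Review bot: Both `vsnprintf` calls store their result straight into the `size_t len`, so a negative return (the function's error indication) turns into a very large unsigned value. On the first call that value passes the `>= ms->o.left` test and makes `size = (ms->o.size - ms->o.left) + len + 1024` wrap around. After the second call it is applied to `ms->o.ptr` and `ms->o.left` without any check, leaving the buffer bookkeeping inconsistent. Capture the result in an `int` and bail out on error before converting, e.g. `int n = vsnprintf(ms->o.ptr, ms->o.left, fmt, ap); if (n < 0) { va_end(ap); return -1; }` followed by `len = (size_t)n;`. As a style point, `long diff; /* XXX: really ptrdiff_t */` can simply be declared `ptrdiff_t` via `<stddef.h>`.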
@@ -155,8 +160,8 @@
 protected const char *
 file_getbuffer(struct magic_set *ms)
 {
-	char *nbuf, *op, *np;
-	size_t nsize;
+	char *pbuf, *op, *np;
+	size_t psize, len;
 
 	if (ms->haderr)
 		return NULL;
@@ -164,14 +169,17 @@
 	if (ms->flags & MAGIC_RAW)
 		return ms->o.buf;
 
-	nsize = ms->o.len * 4 + 1;
-	if (ms->o.psize < nsize) {
-		if ((nbuf = realloc(ms->o.pbuf, nsize)) == NULL) {
+	len = ms->o.size - ms->o.left;
+	/* * 4 is for octal representation, + 1 is for NUL */
+	psize = len * 4 + 1;
+	assert(psize > len);
+	if (ms->o.psize < psize) {
+		if ((pbuf = realloc(ms->o.pbuf, psize)) == NULL) {
 			file_oomem(ms);
 			return NULL;
 		}
-		ms->o.psize = nsize;
-		ms->o.pbuf = nbuf;
+		ms->o.psize = psize;
+		ms->o.pbuf = pbuf;
 	}
 
 	for (np = ms->o.pbuf, op = ms->o.buf; *op; op++) {
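Review bot: `assert(psize > len)` is not a dependable overflow guard for `psize = len * 4 + 1`. It is compiled out when the library is built with `NDEBUG`, and when it does fire it aborts the calling process instead of reporting an error through `ms`. A wrapped product can also still be larger than `len` (with a 32-bit `size_t`, `len = 0x7fffffff` yields `psize = 0xfffffffd`), so the check can pass on an undersized `realloc`. Test the bound before multiplying and fail the same way the allocation path does: `if (len > (SIZE_MAX - 1) / 4) { file_oomem(ms); return NULL; }` (`SIZE_MAX` is in `<stdint.h>`; `(size_t)-1` works where that header is unavailable). The body of `file_getbuffer` continues past the end of this hunk, so the copy loop that fills `pbuf` is only partly visible here.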
diff -urN file-4.15.orig/src/magic.c file-4.15/src/magic.c
--- file-4.15.orig/src/magic.c	2005-06-30 18:33:01.000000000 +0200
+++ file-4.15/src/magic.c	2007-04-17 12:57:57.966179000 +0200
@@ -89,7 +89,7 @@
 		goto free1;
 	}
 
-	ms->o.ptr = ms->o.buf = malloc(ms->o.size = 1024);
+	ms->o.ptr = ms->o.buf = malloc(ms->o.left = ms->o.size = 1024);
 	if (ms->o.buf == NULL)
 		goto free1;
 
@@ -101,7 +101,6 @@
 	if (ms->c.off == NULL)
 		goto free3;
 	
-	ms->o.len = 0;
 	ms->haderr = 0;
 	ms->error = -1;
 	ms->mlist = NULL;

Index: Makefile
===================================================================
RCS file: /kolabrepository/server/file/Makefile,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -d -r1.2 -r1.3
--- Makefile	6 Nov 2006 13:22:36 -0000	1.2
+++ Makefile	17 Apr 2007 11:07:55 -0000	1.3
@@ -14,17 +14,18 @@
 PACKAGE=file
 VERSION=4.15
 RELEASE=2.5.0
-KOLABRELEASE=2.5.0_kolab
+KOLABRELEASE=2.5.0_kolab2
 
 RPM=/kolab/bin/openpkg rpm
 KOLABPKGURI:=`/kolab/bin/openpkg register -R $(KOLABPKGURI)`
 
 all: $(PACKAGE)-$(VERSION)-$(KOLABRELEASE).src.rpm
 
-$(PACKAGE)-$(VERSION)-$(KOLABRELEASE).src.rpm: $(PACKAGE)-$(VERSION)-$(RELEASE).src.rpm kolab-filemagic.patch kolab.patch
+$(PACKAGE)-$(VERSION)-$(KOLABRELEASE).src.rpm: $(PACKAGE)-$(VERSION)-$(RELEASE).src.rpm kolab-filemagic.patch file-cve-2007-1536.patch kolab.patch
 	$(RPM) -ihv $(PACKAGE)-$(VERSION)-$(RELEASE).src.rpm
 
 	cp $(KOLABCVSDIR)/kolab-filemagic.patch $(KOLABRPMSRC)/$(PACKAGE)/
+	cp $(KOLABCVSDIR)/file-cve-2007-1536.patch $(KOLABRPMSRC)/$(PACKAGE)/
 	cp $(KOLABCVSDIR)/kolab.patch $(KOLABRPMSRC)/$(PACKAGE)/           # Patch for file.spec
 	cd $(KOLABRPMSRC)/$(PACKAGE) && patch < $(KOLABCVSDIR)/kolab.patch && $(RPM) -ba $(PACKAGE).spec 
 	cp -p $(KOLABRPMPKG)/$(PACKAGE)-$(VERSION)-$(KOLABRELEASE).src.rpm $(KOLABCVSDIR)

Index: kolab.patch
===================================================================
RCS file: /kolabrepository/server/file/kolab.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -d -r1.1 -r1.2
--- kolab.patch	19 Oct 2006 02:31:30 -0000	1.1
+++ kolab.patch	17 Apr 2007 11:07:55 -0000	1.2
@@ -1,29 +1,31 @@
---- file.spec.orig	2006-10-19 04:17:54.000000000 +0200
-+++ file.spec	2006-10-19 04:20:49.000000000 +0200
-@@ -37,7 +37,7 @@ Class:        BASE
+--- file.spec.orig	2005-10-11 14:46:18.000000000 +0200
++++ file.spec	2007-04-17 13:01:28.276179000 +0200
+@@ -37,7 +37,7 @@
  Group:        Filesystem
  License:      BSD
  Version:      %{V_api_c}
 -Release:      2.5.0
-+Release:      2.5.0_kolab
++Release:      2.5.0_kolab2
  
  #   package options
  %option       with_perl  no
-@@ -46,6 +46,9 @@ Release:      2.5.0
+@@ -46,6 +46,10 @@
  Source0:      ftp://ftp.astron.com/pub/file/file-%{V_api_c}.tar.gz
  Source1:      http://www.cpan.org/modules/by-module/File/File-LibMagic-%{V_api_pl}.tgz
  
 +#   list of patches
 +Patch0:       kolab-filemagic.patch
++Patch1:       file-cve-2007-1536.patch
 +
  #   build information
  Prefix:       %{l_prefix}
  BuildRoot:    %{l_buildroot}
-@@ -79,6 +82,7 @@ AutoReqProv:  no
+@@ -79,6 +83,8 @@
  %prep
      %setup -q
      %setup -q -D -T -a 1
-+    %patch -p0
++    %patch -p0 -P 0
++    %patch -p1 -P 1
  
  %build
      ACLOCAL=true \




