thomas: server/file file-cve-2007-1536.patch, NONE, 1.1 Makefile, 1.2, 1.3 kolab.patch, 1.1, 1.2
cvs at kolab.org
cvs at kolab.org
Tue Apr 17 13:07:57 CEST 2007
Author: thomas
Update of /kolabrepository/server/file
In directory doto:/tmp/cvs-serv14325/file
Modified Files:
Makefile kolab.patch
Added Files:
file-cve-2007-1536.patch
Log Message:
Fix for CVE-2007-1536 (file)
--- NEW FILE: file-cve-2007-1536.patch ---
diff -urN file-4.15.orig/src/file.h file-4.15/src/file.h
--- file-4.15.orig/src/file.h 2005-07-29 19:57:20.000000000 +0200
+++ file-4.15/src/file.h 2007-04-17 12:57:57.976179000 +0200
@@ -234,7 +234,7 @@
/* Accumulation buffer */
char *buf;
char *ptr;
- size_t len;
+ size_t left;
size_t size;
/* Printable buffer */
char *pbuf;
diff -urN file-4.15.orig/src/funcs.c file-4.15/src/funcs.c
--- file-4.15.orig/src/funcs.c 2005-07-12 22:05:38.000000000 +0200
+++ file-4.15/src/funcs.c 2007-04-17 12:57:57.976179000 +0200
@@ -26,6 +26,7 @@
*/
#include "file.h"
#include "magic.h"
+#include <assert.h>
#include <stdarg.h>
#include <stdlib.h>
#include <string.h>
@@ -46,27 +47,31 @@
file_printf(struct magic_set *ms, const char *fmt, ...)
{
va_list ap;
- size_t len;
+ size_t len, size;
char *buf;
va_start(ap, fmt);
- if ((len = vsnprintf(ms->o.ptr, ms->o.len, fmt, ap)) >= ms->o.len) {
+ if ((len = vsnprintf(ms->o.ptr, ms->o.left, fmt, ap)) >= ms->o.left) {
+ long diff; /* XXX: really ptrdiff_t */
+
va_end(ap);
- if ((buf = realloc(ms->o.buf, len + 1024)) == NULL) {
+ size = (ms->o.size - ms->o.left) + len + 1024;
+ if ((buf = realloc(ms->o.buf, size)) == NULL) {
file_oomem(ms);
return -1;
}
- ms->o.ptr = buf + (ms->o.ptr - ms->o.buf);
+ diff = ms->o.ptr - ms->o.buf;
+ ms->o.ptr = buf + diff;
ms->o.buf = buf;
- ms->o.len = ms->o.size - (ms->o.ptr - ms->o.buf);
- ms->o.size = len + 1024;
+ ms->o.left = size - diff;
+ ms->o.size = size;
va_start(ap, fmt);
- len = vsnprintf(ms->o.ptr, ms->o.len, fmt, ap);
+ len = vsnprintf(ms->o.ptr, ms->o.left, fmt, ap);
}
ms->o.ptr += len;
- ms->o.len -= len;
+ ms->o.left -= len;
va_end(ap);
return 0;
}
@@ -155,8 +160,8 @@
protected const char *
file_getbuffer(struct magic_set *ms)
{
- char *nbuf, *op, *np;
- size_t nsize;
+ char *pbuf, *op, *np;
+ size_t psize, len;
if (ms->haderr)
return NULL;
@@ -164,14 +169,17 @@
if (ms->flags & MAGIC_RAW)
return ms->o.buf;
- nsize = ms->o.len * 4 + 1;
- if (ms->o.psize < nsize) {
- if ((nbuf = realloc(ms->o.pbuf, nsize)) == NULL) {
+ len = ms->o.size - ms->o.left;
+ /* * 4 is for octal representation, + 1 is for NUL */
+ psize = len * 4 + 1;
+ assert(psize > len);
+ if (ms->o.psize < psize) {
+ if ((pbuf = realloc(ms->o.pbuf, psize)) == NULL) {
file_oomem(ms);
return NULL;
}
- ms->o.psize = nsize;
- ms->o.pbuf = nbuf;
+ ms->o.psize = psize;
+ ms->o.pbuf = pbuf;
}
for (np = ms->o.pbuf, op = ms->o.buf; *op; op++) {
diff -urN file-4.15.orig/src/magic.c file-4.15/src/magic.c
--- file-4.15.orig/src/magic.c 2005-06-30 18:33:01.000000000 +0200
+++ file-4.15/src/magic.c 2007-04-17 12:57:57.966179000 +0200
@@ -89,7 +89,7 @@
goto free1;
}
- ms->o.ptr = ms->o.buf = malloc(ms->o.size = 1024);
+ ms->o.ptr = ms->o.buf = malloc(ms->o.left = ms->o.size = 1024);
if (ms->o.buf == NULL)
goto free1;
@@ -101,7 +101,6 @@
if (ms->c.off == NULL)
goto free3;
- ms->o.len = 0;
ms->haderr = 0;
ms->error = -1;
ms->mlist = NULL;
Index: Makefile
===================================================================
RCS file: /kolabrepository/server/file/Makefile,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -d -r1.2 -r1.3
--- Makefile 6 Nov 2006 13:22:36 -0000 1.2
+++ Makefile 17 Apr 2007 11:07:55 -0000 1.3
@@ -14,17 +14,18 @@
PACKAGE=file
VERSION=4.15
RELEASE=2.5.0
-KOLABRELEASE=2.5.0_kolab
+KOLABRELEASE=2.5.0_kolab2
RPM=/kolab/bin/openpkg rpm
KOLABPKGURI:=`/kolab/bin/openpkg register -R $(KOLABPKGURI)`
all: $(PACKAGE)-$(VERSION)-$(KOLABRELEASE).src.rpm
-$(PACKAGE)-$(VERSION)-$(KOLABRELEASE).src.rpm: $(PACKAGE)-$(VERSION)-$(RELEASE).src.rpm kolab-filemagic.patch kolab.patch
+$(PACKAGE)-$(VERSION)-$(KOLABRELEASE).src.rpm: $(PACKAGE)-$(VERSION)-$(RELEASE).src.rpm kolab-filemagic.patch file-cve-2007-1536.patch kolab.patch
$(RPM) -ihv $(PACKAGE)-$(VERSION)-$(RELEASE).src.rpm
cp $(KOLABCVSDIR)/kolab-filemagic.patch $(KOLABRPMSRC)/$(PACKAGE)/
+ cp $(KOLABCVSDIR)/file-cve-2007-1536.patch $(KOLABRPMSRC)/$(PACKAGE)/
cp $(KOLABCVSDIR)/kolab.patch $(KOLABRPMSRC)/$(PACKAGE)/ # Patch for file.spec
cd $(KOLABRPMSRC)/$(PACKAGE) && patch < $(KOLABCVSDIR)/kolab.patch && $(RPM) -ba $(PACKAGE).spec
cp -p $(KOLABRPMPKG)/$(PACKAGE)-$(VERSION)-$(KOLABRELEASE).src.rpm $(KOLABCVSDIR)
Index: kolab.patch
===================================================================
RCS file: /kolabrepository/server/file/kolab.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -d -r1.1 -r1.2
--- kolab.patch 19 Oct 2006 02:31:30 -0000 1.1
+++ kolab.patch 17 Apr 2007 11:07:55 -0000 1.2
@@ -1,29 +1,31 @@
---- file.spec.orig 2006-10-19 04:17:54.000000000 +0200
-+++ file.spec 2006-10-19 04:20:49.000000000 +0200
-@@ -37,7 +37,7 @@ Class: BASE
+--- file.spec.orig 2005-10-11 14:46:18.000000000 +0200
++++ file.spec 2007-04-17 13:01:28.276179000 +0200
+@@ -37,7 +37,7 @@
Group: Filesystem
License: BSD
Version: %{V_api_c}
-Release: 2.5.0
-+Release: 2.5.0_kolab
++Release: 2.5.0_kolab2
# package options
%option with_perl no
-@@ -46,6 +46,9 @@ Release: 2.5.0
+@@ -46,6 +46,10 @@
Source0: ftp://ftp.astron.com/pub/file/file-%{V_api_c}.tar.gz
Source1: http://www.cpan.org/modules/by-module/File/File-LibMagic-%{V_api_pl}.tgz
+# list of patches
+Patch0: kolab-filemagic.patch
++Patch1: file-cve-2007-1536.patch
+
# build information
Prefix: %{l_prefix}
BuildRoot: %{l_buildroot}
-@@ -79,6 +82,7 @@ AutoReqProv: no
+@@ -79,6 +83,8 @@
%prep
%setup -q
%setup -q -D -T -a 1
-+ %patch -p0
++ %patch -p0 -P 0
++ %patch -p1 -P 1
%build
ACLOCAL=true \
More information about the commits
mailing list