rpms/cfengine/devel cfengine-2.2.3-var_expansion_overflow.patch, NONE, 1.1 cfengine.spec, 1.32, 1.33
Jeff Sheltren (sheltren)
fedora-extras-commits at redhat.com
Mon Feb 25 15:18:07 UTC 2008
Author: sheltren
Update of /cvs/extras/rpms/cfengine/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv30401
Modified Files:
cfengine.spec
Added Files:
cfengine-2.2.3-var_expansion_overflow.patch
Log Message:
Patch for buffer overflow during variable expansion
cfengine-2.2.3-var_expansion_overflow.patch:
--- NEW FILE cfengine-2.2.3-var_expansion_overflow.patch ---
--- cfengine-2.2.3/src/2Dlist.c.overflow 2008-02-23 08:13:29.000000000 -0800
+++ cfengine-2.2.3/src/2Dlist.c 2008-02-23 08:17:04.000000000 -0800
@@ -69,7 +69,7 @@
/* return a path string in static data, like getent in NIS */
-{ static char entry[CF_BUFSIZE];
+{ static char entry[CF_EXPANDSIZE];
struct TwoDimList *tp;
char seps[2];
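Review bot: Enlarging `entry` to CF_EXPANDSIZE at the `static char entry[...]` declaration changes the maximum length of the string this function hands back, and the comment above says it is returned as a pointer to static data. Callers that copy the result into a CF_BUFSIZE-sized buffer are not visible in this hunk. If CF_EXPANDSIZE is larger than CF_BUFSIZE, each of them needs a length check or a correspondingly sized destination, otherwise the overflow just moves downstream.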
@@ -86,7 +86,14 @@
{
if (tp->current != NULL)
{
- strcat(entry,(tp->current)->name);
+ if (strlen(entry)+strlen((tp->current)->name) < CF_EXPANDSIZE - CF_BUFFERMARGIN)
+ {
+ strcat(entry,(tp->current)->name);
+ }
+ else
+ {
+ FatalError("Buffer overflow during variable expansion");
+ }
}
}
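Review bot: The new length check guards only the `strcat(entry,(tp->current)->name)` call, so any other append to `entry` in this function (for example the separator held in `seps`, declared in the previous hunk) relies on CF_BUFFERMARGIN being large enough. Please confirm that the margin covers every unguarded append per iteration, or route all appends to `entry` through one bounded helper. The fixed string passed to FatalError also gives no indication of which entry was too long; including `(tp->current)->name` or its length in the message would make the failure diagnosable.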
Index: cfengine.spec
===================================================================
RCS file: /cvs/extras/rpms/cfengine/devel/cfengine.spec,v
retrieving revision 1.32
retrieving revision 1.33
diff -u -r1.32 -r1.33
--- cfengine.spec 19 Feb 2008 23:52:42 -0000 1.32
+++ cfengine.spec 25 Feb 2008 15:17:24 -0000 1.33
@@ -1,7 +1,7 @@
Summary: A systems administration tool for networks
Name: cfengine
Version: 2.2.3
-Release: 4%{?dist}
+Release: 5%{?dist}
License: GPLv2+
Group: Applications/System
Source0: ftp://ftp.iu.hio.no/pub/cfengine/cfengine-2.2.3.tar.gz
@@ -9,6 +9,7 @@
Source2: cfservd
Source3: cfenvd
URL: http://www.cfengine.org/
+Patch0: cfengine-2.2.3-var_expansion_overflow.patch
BuildRequires: db4-devel,openssl-devel,texinfo,tetex,tetex-dvips,bison,flex,m4,libacl-devel
BuildRequires: libselinux-devel
Requires(post): /sbin/chkconfig, /sbin/install-info
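Review bot: The added `Patch0:` line carries no comment on where the patch comes from. The changelog entry cites SVN r526, so a one-line comment above `Patch0:` recording that upstream revision would tell the next packager when the patch can be dropped.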
@@ -28,6 +29,7 @@
%prep
%setup -q
+%patch0 -p1 -b .overflow
%build
@@ -128,6 +130,9 @@
%changelog
+* Sat Feb 23 2008 Jeff Sheltren <jeff at osuosl.org> 2.2.3-5
+- Patch for buffer overflow during variable expantion (SVN r526)
+
* Tue Feb 19 2008 Fedora Release Engineering <rel-eng at fedoraproject.org> - 2.2.3-4
- Autorebuild for GCC 4.3
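Review bot: The added changelog line misspells "expansion" as "expantion", which will end up in the package's `rpm -q --changelog` output. The new header line also writes the version as `2.2.3-5` without the ` - ` separator used by the entry directly below it (`- 2.2.3-4`); matching the existing style keeps the changelog consistent.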