rpms/gif2png/devel gif2png-overflow.patch, NONE, 1.1 gif2png.spec, 1.10, 1.11

ensc ensc at fedoraproject.org
Fri Jan 1 16:02:03 UTC 2010 

Author: ensc

Update of /cvs/extras/rpms/gif2png/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv9522

Modified Files:
	gif2png.spec 
Added Files:
	gif2png-overflow.patch 
Log Message:
fixed command line buffer overlow (#547515, CVE-2009-XXXX)

gif2png-overflow.patch:
 gif2png.c |    8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

--- NEW FILE gif2png-overflow.patch ---
Fixes cmdline buffer overflow described in

http://lists.grok.org.uk/pipermail/full-disclosure/2009-December/072002.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550978

Index: gif2png-2.5.2/gif2png.c
===================================================================
--- gif2png-2.5.2.orig/gif2png.c
+++ gif2png-2.5.2/gif2png.c
@@ -682,7 +682,10 @@ int processfile(char *fname, FILE *fp)
 
     strcpy(outname, fname);
 
-    file_ext = outname+strlen(outname)-4;
+    file_ext = outname+strlen(outname);
+    if (file_ext >= outname + 4)
+	file_ext -= 4;
+
     if (strcmp(file_ext, ".gif") != 0 && strcmp(file_ext, ".GIF") != 0 &&
 	strcmp(file_ext, "_gif") != 0 && strcmp(file_ext, "_GIF") != 0) {
 	/* try to derive basename */
@@ -874,7 +877,8 @@ int main(int argc, char *argv[])
 	}
     } else {
 	for (i = ac;i<argc; i++) {
-	    strcpy(name, argv[i]);
+	    strncpy(name, argv[i], sizeof name - sizeof ".gif");
+	    name[sizeof name - sizeof ".gif"] = '\0';
 	    if ((fp = fopen(name, "rb")) == NULL) {
 		/* retry with .gif appended */
 		strcat(name, ".gif");


Index: gif2png.spec
===================================================================
RCS file: /cvs/extras/rpms/gif2png/devel/gif2png.spec,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -p -r1.10 -r1.11
--- gif2png.spec	14 Nov 2009 17:32:45 -0000	1.10
+++ gif2png.spec	1 Jan 2010 16:02:03 -0000	1.11
@@ -1,13 +1,16 @@
 %{!?release_func:%global release_func() %1%{?dist}}
+%{!?apply:%global  apply(p:n:b:) %patch%%{-n:%%{-n*}} %%{-p:-p %%{-p*}} %%{-b:-b %%{-b*}} \
+%nil}
 
 Summary:	A GIF to PNG converter
 Name:		gif2png
 Version:	2.5.2
-Release:	%release_func 1300
+Release:	%release_func 1301
 License:	BSD
 Group:		Applications/Multimedia
 URL:		http://www.catb.org/~esr/gif2png/
 Source0:	http://www.catb.org/~esr/gif2png/%name-%version.tar.gz
+Patch0:		gif2png-overflow.patch
 BuildRoot:	%_tmppath/%name-%version-%release-root
 BuildRequires:	libpng-devel
 
@@ -41,6 +44,7 @@ convert entire web hierarchies (images a
 
 %prep
 %setup -q
+%apply -n0
 
 
 %build
@@ -71,6 +75,9 @@ rm -rf $RPM_BUILD_ROOT
 
 
 %changelog
+* Fri Jan  1 2010 Enrico Scholz <enrico.scholz at informatik.tu-chemnitz.de> - 2.5.2-1301
+- fixed command line buffer overlow (#547515, CVE-2009-XXXX)
+
 * Sat Nov 14 2009 Enrico Scholz <enrico.scholz at informatik.tu-chemnitz.de> - 2.5.2-1300
 - updated to 2.5.2
 - removed Debian patches; issues are addressed by new upstream release

More information about the fedora-extras-commits mailing list