rpms/gif2png/F-12 gif2png-overflow.patch, NONE, 1.1 gif2png.spec, 1.9, 1.10

ensc ensc at fedoraproject.org
Fri Jan 1 16:36:27 UTC 2010


Author: ensc

Update of /cvs/extras/rpms/gif2png/F-12
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv15342/F-12

Modified Files:
	gif2png.spec 
Added Files:
	gif2png-overflow.patch 
Log Message:
fixed command line buffer overflow (#547515)


gif2png-overflow.patch:
 gif2png.c |    8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

--- NEW FILE gif2png-overflow.patch ---
Fixes cmdline buffer overflow described in

http://lists.grok.org.uk/pipermail/full-disclosure/2009-December/072002.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550978

Index: gif2png-2.5.2/gif2png.c
===================================================================
--- gif2png-2.5.2.orig/gif2png.c
+++ gif2png-2.5.2/gif2png.c
@@ -682,7 +682,10 @@ int processfile(char *fname, FILE *fp)
 
     strcpy(outname, fname);
 
-    file_ext = outname+strlen(outname)-4;
+    file_ext = outname+strlen(outname);
+    if (file_ext >= outname + 4)
+	file_ext -= 4;
+
     if (strcmp(file_ext, ".gif") != 0 && strcmp(file_ext, ".GIF") != 0 &&
 	strcmp(file_ext, "_gif") != 0 && strcmp(file_ext, "_GIF") != 0) {
 	/* try to derive basename */
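Review bot: The context line `strcpy(outname, fname);` is still an unbounded copy, so processfile() stays within `outname` only if every caller passes a name that fits; the truncation added to main() in the second hunk is the only visible place that enforces this. If `outname` is an array declared in this function (its declaration is outside the hunk), a local length check would make the function safe on its own, for example `if (strlen(fname) >= sizeof outname) return 1;` before the copy, with the error value adjusted to whatever convention the function uses. The new `file_ext >= outname + 4` guard does fix the other problem here, which was forming and reading through a pointer before the start of the buffer for names shorter than four characters. processfile's body begins and continues outside the hunk.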
@@ -874,7 +877,8 @@ int main(int argc, char *argv[])
 	}
     } else {
 	for (i = ac;i<argc; i++) {
-	    strcpy(name, argv[i]);
+	    strncpy(name, argv[i], sizeof name - sizeof ".gif");
+	    name[sizeof name - sizeof ".gif"] = '\0';
 	    if ((fp = fopen(name, "rb")) == NULL) {
 		/* retry with .gif appended */
 		strcat(name, ".gif");
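Review bot: An argument longer than `sizeof name - sizeof ".gif"` is silently truncated by the new `strncpy`, so the program goes on to `fopen` a different path from the one the user named (the truncated prefix, or that prefix plus `.gif`). Rejecting the argument is safer than truncating it: test `strlen(argv[i]) > sizeof name - sizeof ".gif"` before the copy, report the name as too long, and `continue` to the next argument. The bound itself looks correct, since it leaves room for the later `strcat(name, ".gif")` and the terminator, assuming `name` is an array declared in main (the declaration is outside the hunk). main's body continues outside the hunk.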


Index: gif2png.spec
===================================================================
RCS file: /cvs/extras/rpms/gif2png/F-12/gif2png.spec,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -p -r1.9 -r1.10
--- gif2png.spec	25 Jul 2009 00:07:54 -0000	1.9
+++ gif2png.spec	1 Jan 2010 16:36:26 -0000	1.10
@@ -3,12 +3,13 @@
 Summary:	A GIF to PNG converter
 Name:		gif2png
 Version:	2.5.1
-Release:	%release_func 7
+Release:	%release_func 1200
 License:	BSD
 Group:		Applications/Multimedia
 URL:		http://www.catb.org/~esr/gif2png/
 Source0:	http://www.catb.org/~esr/gif2png/%name-%version.tar.gz
 Patch0:		ftp://ftp.debian.org/debian/pool/main/g/gif2png/gif2png_2.5.1-3.diff.gz
+Patch1:		gif2png-overflow.patch
 BuildRoot:	%_tmppath/%name-%version-%release-root
 BuildRequires:	libpng-devel
 
@@ -43,8 +44,9 @@ convert entire web hierarchies (images a
 %prep
 %setup -q
 %patch0 -p1
+%patch1 -p1
 
-cat debian/patches/* | patch -p1 
+cat debian/patches/* | patch -p1
 
 
 %build
@@ -75,6 +77,9 @@ rm -rf $RPM_BUILD_ROOT
 
 
 %changelog
+* Fri Jan  1 2010 Enrico Scholz <enrico.scholz at informatik.tu-chemnitz.de> - 2.5.1-1200
+- fixed command line buffer overflow (#547515)
+
 * Fri Jul 24 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.5.1-7
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
 



