rpms/gif2png/F-11 gif2png-overflow.patch, NONE, 1.1 gif2png.spec, 1.8, 1.9
ensc
ensc at fedoraproject.org
Fri Jan 1 16:36:27 UTC 2010
- Previous message (by thread): rpms/gif2png/F-12 gif2png-overflow.patch, NONE, 1.1 gif2png.spec, 1.9, 1.10
- Next message (by thread): rpms/alsa-utils/devel .cvsignore, 1.29, 1.30 alsa-utils.spec, 1.88, 1.89 sources, 1.34, 1.35
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: ensc
Update of /cvs/extras/rpms/gif2png/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv15342/F-11
Modified Files:
gif2png.spec
Added Files:
gif2png-overflow.patch
Log Message:
fixed command line buffer overflow (#547515)
gif2png-overflow.patch:
gif2png.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
--- NEW FILE gif2png-overflow.patch ---
Fixes cmdline buffer overflow described in
http://lists.grok.org.uk/pipermail/full-disclosure/2009-December/072002.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550978
Index: gif2png-2.5.2/gif2png.c
===================================================================
--- gif2png-2.5.2.orig/gif2png.c
+++ gif2png-2.5.2/gif2png.c
@@ -682,7 +682,10 @@ int processfile(char *fname, FILE *fp)
strcpy(outname, fname);
- file_ext = outname+strlen(outname)-4;
+ file_ext = outname+strlen(outname);
+ if (file_ext >= outname + 4)
+ file_ext -= 4;
+
if (strcmp(file_ext, ".gif") != 0 && strcmp(file_ext, ".GIF") != 0 &&
strcmp(file_ext, "_gif") != 0 && strcmp(file_ext, "_GIF") != 0) {
/* try to derive basename */
@@ -874,7 +877,8 @@ int main(int argc, char *argv[])
}
} else {
for (i = ac;i<argc; i++) {
- strcpy(name, argv[i]);
+ strncpy(name, argv[i], sizeof name - sizeof ".gif");
+ name[sizeof name - sizeof ".gif"] = '\0';
if ((fp = fopen(name, "rb")) == NULL) {
/* retry with .gif appended */
strcat(name, ".gif");
Index: gif2png.spec
===================================================================
RCS file: /cvs/extras/rpms/gif2png/F-11/gif2png.spec,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -p -r1.8 -r1.9
--- gif2png.spec 1 Mar 2009 14:18:44 -0000 1.8
+++ gif2png.spec 1 Jan 2010 16:36:27 -0000 1.9
@@ -3,7 +3,7 @@
Summary: A GIF to PNG converter
Name: gif2png
Version: 2.5.1
-Release: %release_func 6
+Release: %release_func 1100
License: BSD
Group: Applications/Multimedia
URL: http://www.catb.org/~esr/gif2png/
@@ -75,6 +75,9 @@ rm -rf $RPM_BUILD_ROOT
%changelog
+* Fri Jan 1 2010 Enrico Scholz <enrico.scholz at informatik.tu-chemnitz.de> - 2.5.1-1100
+- fixed command line buffer overflow (#547515)
+
* Sun Mar 1 2009 Enrico Scholz <enrico.scholz at informatik.tu-chemnitz.de> - 2.5.1-6
- made web2png noarch
- Previous message (by thread): rpms/gif2png/F-12 gif2png-overflow.patch, NONE, 1.1 gif2png.spec, 1.9, 1.10
- Next message (by thread): rpms/alsa-utils/devel .cvsignore, 1.29, 1.30 alsa-utils.spec, 1.88, 1.89 sources, 1.34, 1.35
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list