diff options
author | Jim Ramsay <lack@gentoo.org> | 2009-08-06 20:23:20 +0000 |
---|---|---|
committer | Jim Ramsay <lack@gentoo.org> | 2009-08-06 20:23:20 +0000 |
commit | 126b7ad474e9e8722ada26e736d165a82e6fbfea (patch) | |
tree | 65a9e50b1d07075e671a2a8b9cfaa6d2b2755e8f | |
parent | x11-drivers/xf86-video-siliconmotion: drop old ebuilds (diff) | |
download | gentoo-2-126b7ad474e9e8722ada26e736d165a82e6fbfea.tar.gz gentoo-2-126b7ad474e9e8722ada26e736d165a82e6fbfea.tar.bz2 gentoo-2-126b7ad474e9e8722ada26e736d165a82e6fbfea.zip |
Fix a segfault and set of buffer overflows
(Portage version: 2.1.6.13/cvs/Linux x86_64)
-rw-r--r-- | x11-plugins/wmfrog/ChangeLog | 10 | ||||
-rw-r--r-- | x11-plugins/wmfrog/files/01-fix-segfault-0.2.0.patch | 54 | ||||
-rw-r--r-- | x11-plugins/wmfrog/files/02-buffer-overflow-0.2.0.patch | 60 | ||||
-rw-r--r-- | x11-plugins/wmfrog/wmfrog-0.2.0-r1.ebuild | 37 |
4 files changed, 159 insertions, 2 deletions
diff --git a/x11-plugins/wmfrog/ChangeLog b/x11-plugins/wmfrog/ChangeLog index ac04cf944f1e..a5327a57fbd8 100644 --- a/x11-plugins/wmfrog/ChangeLog +++ b/x11-plugins/wmfrog/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for x11-plugins/wmfrog -# Copyright 2000-2008 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/x11-plugins/wmfrog/ChangeLog,v 1.6 2008/04/28 15:41:44 drac Exp $ +# Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/x11-plugins/wmfrog/ChangeLog,v 1.7 2009/08/06 20:23:20 lack Exp $ + +*wmfrog-0.2.0-r1 (06 Aug 2009) + + 06 Aug 2009; Jim Ramsay <lack@gentoo.org> +wmfrog-0.2.0-r1.ebuild, + +files/01-fix-segfault-0.2.0.patch, +files/02-buffer-overflow-0.2.0.patch: + Fix a segfault and set of buffer overflows *wmfrog-0.2.0 (28 Apr 2008) diff --git a/x11-plugins/wmfrog/files/01-fix-segfault-0.2.0.patch b/x11-plugins/wmfrog/files/01-fix-segfault-0.2.0.patch new file mode 100644 index 000000000000..7e88f49058ff --- /dev/null +++ b/x11-plugins/wmfrog/files/01-fix-segfault-0.2.0.patch @@ -0,0 +1,54 @@ +From 7b9ead8d480eb2be07db646e9c6383f3397beaea Mon Sep 17 00:00:00 2001 +From: Jim Ramsay <lack@gentoo.org> +Date: Thu, 6 Aug 2009 12:22:26 -0400 +Subject: [PATCH] Fixed segfault if Weather or Clouds not present + +Though the variables 'weatherFound' and 'cloudsFound' were being set properly by +fscanf, their values were never actually checked. + +Furthermore, the strings (Weather, Clouds, tmp1 and tmp2) were not being +initialized to NULL as the code seems to have been expecting. +--- + Src/wmFrog.c | 12 ++++++------ + 1 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/Src/wmFrog.c b/Src/wmFrog.c +index e2d82af..af4101a 100644 +--- a/Src/wmFrog.c ++++ b/Src/wmFrog.c +@@ -68,10 +68,10 @@ int n, s, m, i, dt1, dt2, dt3 ; + XEvent event; + char command[1024], Line[512], FileName[10]; + FILE *fp; +- char* Weather; +- char* Clouds; +- char* tmp1; +- char* tmp2; ++ char* Weather = NULL; ++ char* Clouds = NULL; ++ char* tmp1 = NULL; ++ char* tmp2 = NULL; + int intensity=0; + char* precip; + char* desc; +@@ -238,7 +238,7 @@ FILE *fp; + keepgoing=1; + { + +- do{ ++ if (weatherFound) do{ + + + tmp1=mystrsep(&Weather,";"); +@@ -289,7 +289,7 @@ FILE *fp; + while(keepgoing); + } + +- do{ ++ if (cloudsFound) do{ + tmp1=mystrsep(&Clouds,";"); + if(tmp1) + { +-- +1.6.3.3 + diff --git a/x11-plugins/wmfrog/files/02-buffer-overflow-0.2.0.patch b/x11-plugins/wmfrog/files/02-buffer-overflow-0.2.0.patch new file mode 100644 index 000000000000..c4267585836c --- /dev/null +++ b/x11-plugins/wmfrog/files/02-buffer-overflow-0.2.0.patch @@ -0,0 +1,60 @@ +From 5cc2198aebf090b399bd8aaea0e1c8b054bbda58 Mon Sep 17 00:00:00 2001 +From: Jim Ramsay <i.am@jimramsay.com> +Date: Thu, 6 Aug 2009 12:51:56 -0400 +Subject: [PATCH] Remove buffer overflows + +Replaced all 'sprintf' calls with 'snprintf' and fixed all buffers to reasonable +sizes. +--- + Src/wmFrog.c | 11 +++++------ + 1 files changed, 5 insertions(+), 6 deletions(-) + +diff --git a/Src/wmFrog.c b/Src/wmFrog.c +index af4101a..74e8b56 100644 +--- a/Src/wmFrog.c ++++ b/Src/wmFrog.c +@@ -66,7 +66,7 @@ char* folder; + int main(int argc, char *argv[]) { + int n, s, m, i, dt1, dt2, dt3 ; + XEvent event; +-char command[1024], Line[512], FileName[10]; ++char command[1024], Line[512], FileName[128]; + FILE *fp; + char* Weather = NULL; + char* Clouds = NULL; +@@ -213,7 +213,7 @@ FILE *fp; + + dt2 = 0; + +- sprintf(FileName, "%s/%s", folder, StationID); ++ snprintf(FileName, 128, "%s/%s", folder, StationID); + fprintf(stderr,"%s\n\n",FileName); + if ((fp = fopen(FileName, "r")) != NULL){ + fscanf(fp, "Hour:%d", &hour); +@@ -571,7 +571,7 @@ UpToDate = 0; + /* + * Execute Perl script to grab the Latest METAR Report + */ +- sprintf(command, "/usr/lib/wmfrog/weather.pl %s %s &", StationID, folder); ++ snprintf(command, 1024, "/usr/lib/wmfrog/weather.pl %s %s &", StationID, folder); + //printf("Retrieveing data\n"); + system(command); + ForceDownload = 0; +@@ -844,12 +844,11 @@ char *GetTempDir(char *suffix) + { + uid_t id; + struct passwd *userEntry; +- char * userHome; ++ static char userHome[128]; + + id=getuid(); + userEntry=getpwuid(id); +- userHome=userEntry->pw_dir; +- sprintf(userHome,"%s/%s",userHome,suffix); ++ snprintf(userHome, 128, "%s/%s", userEntry->pw_dir, suffix); + return userHome; + } + +-- +1.6.3.3 + diff --git a/x11-plugins/wmfrog/wmfrog-0.2.0-r1.ebuild b/x11-plugins/wmfrog/wmfrog-0.2.0-r1.ebuild new file mode 100644 index 000000000000..802a83ce77a2 --- /dev/null +++ b/x11-plugins/wmfrog/wmfrog-0.2.0-r1.ebuild @@ -0,0 +1,37 @@ +# Copyright 1999-2009 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/x11-plugins/wmfrog/wmfrog-0.2.0-r1.ebuild,v 1.1 2009/08/06 20:23:20 lack Exp $ + +EAPI=2 +inherit eutils toolchain-funcs + +DESCRIPTION="a weather application, it shows the weather in a graphical way." +HOMEPAGE="http://wiki.colar.net/wmfrog_dockapp" +SRC_URI="mirror://sourceforge/${PN}/${P}.tgz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~ppc ~sparc ~x86" +IUSE="" + +RDEPEND="x11-libs/libXext + x11-libs/libXpm + x11-libs/libX11" +DEPEND="${RDEPEND} + x11-proto/xextproto" + +S=${WORKDIR}/Src + +src_prepare() { + epatch "${FILESDIR}"/*-${PV}.patch +} + +src_compile() { + emake CC="$(tc-getCC)" CFLAGS="${CFLAGS}" INCDIR="" \ + LIBDIR="" || die "emake failed." +} + +src_install() { + emake DESTDIR="${D}" install || die "emake install failed." + dodoc ../{CHANGES,HINTS} +} |