author | Michael Jennings <mej@kainx.org> | 2006-01-23 19:31:54 +0000 |
---|---|---|
committer | Michael Jennings <mej@kainx.org> | 2006-01-23 19:31:54 +0000 |
commit | cfbaa60097d20666121258b1213633e56bc9de34 (patch) | |
tree | fab87b882e604b89f16b8a8720c4a253495917f4 | |
parent | b6c9952112a0e165311d88d8417a59b28dac7da2 (diff) | |
download | libast-cfbaa60097d20666121258b1213633e56bc9de34.tar.gz |
Mon Jan 23 14:29:26 2006 Michael Jennings (mej)
0.7 final release. Includes fix for CVE-2006-0224 buffer overflow
discovered by Rosiello Security. Details can be found at
http://www.rosiello.org/en/read_bugs.php?id=25
----------------------------------------------------------------------
SVN revision: 20001
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | configure.in | 2 | ||||
-rw-r--r-- | include/libast.h | 3 | ||||
-rw-r--r-- | libast.spec | 4 | ||||
-rw-r--r-- | src/conf.c | 13 | ||||
-rw-r--r-- | src/mbuff.c | 2 | ||||
-rw-r--r-- | src/obj.c | 2 |
7 files changed, 22 insertions, 10 deletions
@@ -758,3 +758,9 @@ Thu Dec 22 18:29:54 2005 Michael Jennings (mej) Fixed auto-detection of Imlib2. :-( ----------------------------------------------------------------------
+Mon Jan 23 14:29:26 2006 Michael Jennings (mej)
+
+0.7 final release. Includes fix for CVE-2006-0224 buffer overflow
+discovered by Rosiello Security. Details can be found at
+http://www.rosiello.org/en/read_bugs.php?id=25
+----------------------------------------------------------------------
diff --git a/configure.in b/configure.in
index f313952..586a254 100644
--- a/configure.in
+++ b/configure.in
@@ -71,7 +71,7 @@ AC_ARG_WITH(pedantry, [ --with-pedantry add -Werror -std=c99 -pedantic to CFLAGS], [ if test "$withval" != "no"; then
- CFLAGS="$CFLAGS -Wall -Werror -std=c99 -pedantic"
+ CFLAGS="$CFLAGS -Wall -Werror -std=c99"
 AC_DEFINE(STRICT_ISO_C99, 1, [Defined if strict ISO C99 (9899:1999) is requested or required.]) fi ]
diff --git a/include/libast.h b/include/libast.h
index 158a533..5c767c5 100644
--- a/include/libast.h
+++ b/include/libast.h
@@ -81,7 +81,8 @@ #endif #ifdef __GNUC__
-# if __GNUC__ >= 4 && !defined(STRICT_ISO_C99)
+# if __GNUC__ >= 4
+# undef STRICT_ISO_C99
 # define STRICT_ISO_C99 1 # endif #else
diff --git a/libast.spec b/libast.spec
index f66501a..10b6ac8 100644
--- a/libast.spec
+++ b/libast.spec
@@ -6,8 +6,8 @@ Summary: Library of Assorted Spiffy Things Name: libast Version: 0.7
-#Release: 1
-Release: 0.%(date '+%Y%m%d')
+Release: 1
+#Release: 0.%(date '+%Y%m%d')
 Group: System Environment/Libraries License: BSD URL: http://www.eterm.org/ 
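Review bot: In the configure.in hunk the `--with-pedantry` help string still reads `add -Werror -std=c99 -pedantic to CFLAGS`, but the new `CFLAGS` line no longer adds `-pedantic`, and the text never mentioned the `-Wall` that is added. The help text should match what the option now does, for example `[  --with-pedantry         add -Wall -Werror -std=c99 to CFLAGS],`.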
@@ -721,14 +721,12 @@ spifconf_shell_expand(spif_charptr_t s) /* The config file reader. This looks for the config file by searching CONFIG_SEARCH_PATH. If it can't find a config file, it displays a warning but continues. -- mej */
-
 spif_charptr_t spifconf_find_file(const spif_charptr_t file, const spif_charptr_t dir, const spif_charptr_t pathlist) { static spif_char_t name[PATH_MAX], full_path[PATH_MAX]; spif_charptr_t path, p;
- short maxpathlen;
- unsigned short len;
+ spif_int32_t len, maxpathlen;
 struct stat fst; REQUIRE_RVAL(file != NULL, NULL);
@@ -737,6 +735,13 @@ spifconf_find_file(const spif_charptr_t file, const spif_charptr_t dir, const sp D_CONF(("spifconf_find_file(\"%s\", \"%s\", \"%s\") called from directory \"%s\".\n", file, NONULL(dir), NONULL(pathlist), name));
+ /* Make sure our supplied settings don't overflow. */
+ len = strlen(SPIF_CAST_C(char *) file) + ((dir) ? (strlen(SPIF_CAST_C(char *) dir)) : (0)) + 2;
+ if ((len > SPIF_CAST(int32) sizeof(name)) || (len <= 0)) {
+ D_CONF(("Too big. I lose. :(\n"));
+ return ((spif_charptr_t) NULL);
+ }
+
 if (dir) { strcpy(SPIF_CAST_C(char *) name, SPIF_CAST_C(char *) dir); strcat(SPIF_CAST_C(char *) name, "/");
@@ -756,7 +761,7 @@ spifconf_find_file(const spif_charptr_t file, const spif_charptr_t dir, const sp /* maxpathlen is the longest possible path we can stuff into name[]. The - 2 saves room for an additional / and the trailing null. */ if ((maxpathlen = sizeof(name) - len - 2) <= 0) {
- D_CONF(("Too big. I lose. :(\n", name));
+ D_CONF(("Too big. I lose. :(\n"));
 return ((spif_charptr_t) NULL); }
diff --git a/src/mbuff.c b/src/mbuff.c
index 39900f2..cc8e95c 100644
--- a/src/mbuff.c
+++ b/src/mbuff.c
@@ -495,7 +495,7 @@ spif_mbuff_reverse(spif_mbuff_t self) REQUIRE_RVAL(self->buff != SPIF_NULL_TYPE(byteptr), FALSE); for (j = 0, i = self->len - 1; i > j; i--, j++) {
- (void) BINSWAP(tmp[j], tmp[i]);
+ SWAP(tmp[j], tmp[i]);
 } return TRUE; } 
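Review bot: In src/conf.c the new bounds check (second hunk) adds two `strlen()` results in `size_t` and stores the sum in `spif_int32_t len` (declared in the first hunk), so whether an oversized input is rejected depends on how the value narrows. Assuming `spif_int32_t` is a signed 32-bit type, on a target with a wider `size_t` a sum that does not fit in 32 bits can narrow to a small positive value, pass the check and still reach the `strcpy()`/`strcat()` below. Keeping the test unsigned removes that dependence: `size_t need = strlen(SPIF_CAST_C(char *) file) + (dir ? strlen(SPIF_CAST_C(char *) dir) : 0) + 2;` followed by `if (need > sizeof(name))`. The third hunk relies on the same conversion, because on typical platforms `sizeof(name) - len - 2` is evaluated unsigned and only tests `<= 0` after being stored in `maxpathlen`; casting `sizeof(name)` to the signed type first, as the new check already does, would make the two consistent. A one-line comment that the `+ 2` reserves the `/` separator and the terminating NUL would also help; `spifconf_find_file` starts before and continues past these hunks, so the assignments to `len` between them are not visible here.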
@@ -390,7 +390,7 @@ spif_bool_t spif_obj_set_class(spif_obj_t self, spif_class_t cls) { ASSERT_RVAL(!SPIF_OBJ_ISNULL(self), FALSE);
- SPIF_OBJ(self)->cls = cls;
+ self->cls = cls;
 return TRUE; } |