/[pkgs]/devel/enscript/enscript-CVE-2008-3863+CVE-2008-4306.patch
ViewVC logotype

Contents of /devel/enscript/enscript-CVE-2008-3863+CVE-2008-4306.patch

Parent Directory Parent Directory | Revision Log Revision Log

Revision 1.1 - (show annotations) (download) (as text)
Mon Nov 3 13:40:26 2008 UTC (12 months, 2 weeks ago) by atkac
Branch: MAIN
CVS Tags: enscript-1_6_4-13_fc12, F-12-split, enscript-1_6_4-11_fc10, F-10-split, F-11-split, enscript-1_6_4-14_fc12, enscript-1_6_4-12_fc11, HEAD
File MIME type: text/x-patch 
- fixed various buffer overflows (CVE-2008-3863, CVE-2008-4306)
1 --- src/psgen.c
2 +++ src/psgen.c 2008-10-29 10:43:08.512598143 +0100
3 @@ -24,6 +24,7 @@
4 * Boston, MA 02111-1307, USA.
5 */
6
7 +#include <limits.h>
8 #include "gsint.h"
9
10 /*
11 @@ -124,7 +125,7 @@ struct gs_token_st
12 double xscale;
13 double yscale;
14 int llx, lly, urx, ury; /* Bounding box. */
15 - char filename[512];
16 + char filename[PATH_MAX];
17 char *skipbuf;
18 unsigned int skipbuf_len;
19 unsigned int skipbuf_pos;
20 @@ -135,11 +136,11 @@ struct gs_token_st
21 Color bgcolor;
22 struct
23 {
24 - char name[512];
25 + char name[PATH_MAX];
26 FontPoint size;
27 InputEncoding encoding;
28 } font;
29 - char filename[512];
30 + char filename[PATH_MAX];
31 } u;
32 };
33
34 @@ -248,7 +249,7 @@ static int do_print = 1;
35 static int user_fontp = 0;
36
37 /* The user ^@font{}-defined font. */
38 -static char user_font_name[256];
39 +static char user_font_name[PATH_MAX];
40 static FontPoint user_font_pt;
41 static InputEncoding user_font_encoding;
42
43 @@ -978,7 +979,8 @@ large for page\n"),
44 FATAL ((stderr,
45 _("user font encoding can be only the system's default or `ps'")));
46
47 - strcpy (user_font_name, token.u.font.name);
48 + memset (user_font_name, 0, sizeof(user_font_name));
49 + strncpy (user_font_name, token.u.font.name, sizeof(user_font_name) - 1);
50 user_font_pt.w = token.u.font.size.w;
51 user_font_pt.h = token.u.font.size.h;
52 user_font_encoding = token.u.font.encoding;
53 @@ -1444,7 +1446,7 @@ read_special_escape (InputStream *is, To
54 buf[i] = ch;
55 if (i + 1 >= sizeof (buf))
56 FATAL ((stderr, _("too long argument for %s escape:\n%.*s"),
57 - escapes[i].name, i, buf));
58 + escapes[e].name, i, buf));
59 }
60 buf[i] = '\0';
61
62 @@ -1452,7 +1454,8 @@ read_special_escape (InputStream *is, To
63 switch (escapes[e].escape)
64 {
65 case ESC_FONT:
66 - strcpy (token->u.font.name, buf);
67 + memset (token->u.font.name, 0, sizeof(token->u.font.name));
68 + strncpy (token->u.font.name, buf, sizeof(token->u.font.name) - 1);
69
70 /* Check for the default font. */
71 if (strcmp (token->u.font.name, "default") == 0)
72 @@ -1465,7 +1468,8 @@ read_special_escape (InputStream *is, To
73 FATAL ((stderr, _("malformed font spec for ^@font escape: %s"),
74 token->u.font.name));
75
76 - strcpy (token->u.font.name, cp);
77 + memset (token->u.font.name, 0, sizeof(token->u.font.name));
78 + strncpy (token->u.font.name, cp, sizeof(token->u.font.name) - 1);
79 xfree (cp);
80 }
81 token->type = tFONT;
82 @@ -1544,7 +1548,8 @@ read_special_escape (InputStream *is, To
83 break;
84
85 case ESC_SETFILENAME:
86 - strcpy (token->u.filename, buf);
87 + memset (token->u.filename, 0, sizeof(token->u.font.name));
88 + strncpy (token->u.filename, buf, sizeof(token->u.filename) - 1);
89 token->type = tSETFILENAME;
90 break;
admin@fedoraproject.org
 ViewVC Help
Powered by ViewVC 1.1.2