[med-svn] r15904 - in trunk/packages/staden-io-lib: tags/1.13.3-2/patches trunk/debian/patches
Andreas Tille
tille at moszumanska.debian.org
Thu Jan 30 19:22:32 UTC 2014
Author: tille
Date: 2014-01-30 19:22:32 +0000 (Thu, 30 Jan 2014)
New Revision: 15904
Added:
trunk/packages/staden-io-lib/tags/1.13.3-2/patches/fix_bufferoverflow.patch
trunk/packages/staden-io-lib/trunk/debian/patches/fix_bufferoverflow.patch
Log:
Add missing patch to svn
Added: trunk/packages/staden-io-lib/tags/1.13.3-2/patches/fix_bufferoverflow.patch
===================================================================
--- trunk/packages/staden-io-lib/tags/1.13.3-2/patches/fix_bufferoverflow.patch (rev 0)
+++ trunk/packages/staden-io-lib/tags/1.13.3-2/patches/fix_bufferoverflow.patch 2014-01-30 19:22:32 UTC (rev 15904)
@@ -0,0 +1,33 @@
+Author: James Bonfield <jkb at sanger.ac.uk>
+Last-Update: Mon, 9 Dec 2013 10:07:49 +0000
+Bug-Debian: http://bugs.debian.org/729276
+Upstream: http://sourceforge.net/p/staden/code/3529/
+Description: Fix buffer overflow
+
+--- a/progs/index_tar.c
++++ b/progs/index_tar.c
+@@ -80,7 +80,7 @@ int main(int argc, char **argv) {
+ int directories = 0;
+ FILE *fp;
+ tar_block blk;
+- char member[256];
++ char member[257];
+ size_t size, extra;
+ int LongLink = 0;
+ size_t offset = 0;
+@@ -127,10 +127,14 @@ int main(int argc, char **argv) {
+ * was ././@LongLink
+ */
+ if (LongLink == 0) {
++ char *cp;
+ (void) strncpy(member, blk.header.prefix, 155);
++ member[155] = 0;
+ if (strlen(blk.header.prefix) > 0 && blk.header.name[0])
+ (void) strcat(member, "/");
+- (void) strncat(member, blk.header.name, 100);
++ cp = member + strlen(member);
++ (void) strncpy(cp, blk.header.name, 100);
++ cp[100] = 0;
+ }
+
+ /* account for gtar ././@LongLink */
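Review bot: The condition `strlen(blk.header.prefix) > 0`, left unchanged by the second hunk of the index_tar.c patch, still calls strlen() on the raw header field, which the patch itself treats as possibly unterminated (it copies at most 155 bytes and then sets `member[155] = 0`). If the prefix fills its field with no NUL, that call reads past the end of the field; testing the terminated copy instead, `if (member[0] && blk.header.name[0])`, avoids the over-read. The definition of tar_block is not visible here, so the field width is inferred from the strncpy bound and should be confirmed. The identical patch text added under trunk/debian/patches in this commit needs the same change, and main() begins and ends outside the hunk.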
Added: trunk/packages/staden-io-lib/trunk/debian/patches/fix_bufferoverflow.patch
===================================================================
--- trunk/packages/staden-io-lib/trunk/debian/patches/fix_bufferoverflow.patch (rev 0)
+++ trunk/packages/staden-io-lib/trunk/debian/patches/fix_bufferoverflow.patch 2014-01-30 19:22:32 UTC (rev 15904)
@@ -0,0 +1,33 @@
+Author: James Bonfield <jkb at sanger.ac.uk>
+Last-Update: Mon, 9 Dec 2013 10:07:49 +0000
+Bug-Debian: http://bugs.debian.org/729276
+Upstream: http://sourceforge.net/p/staden/code/3529/
+Description: Fix buffer overflow
+
+--- a/progs/index_tar.c
++++ b/progs/index_tar.c
+@@ -80,7 +80,7 @@ int main(int argc, char **argv) {
+ int directories = 0;
+ FILE *fp;
+ tar_block blk;
+- char member[256];
++ char member[257];
+ size_t size, extra;
+ int LongLink = 0;
+ size_t offset = 0;
+@@ -127,10 +127,14 @@ int main(int argc, char **argv) {
+ * was ././@LongLink
+ */
+ if (LongLink == 0) {
++ char *cp;
+ (void) strncpy(member, blk.header.prefix, 155);
++ member[155] = 0;
+ if (strlen(blk.header.prefix) > 0 && blk.header.name[0])
+ (void) strcat(member, "/");
+- (void) strncat(member, blk.header.name, 100);
++ cp = member + strlen(member);
++ (void) strncpy(cp, blk.header.name, 100);
++ cp[100] = 0;
+ }
+
+ /* account for gtar ././@LongLink */