[med-svn] r15904 - in trunk/packages/staden-io-lib: tags/1.13.3-2/patches trunk/debian/patches

Andreas Tille tille at moszumanska.debian.org
Thu Jan 30 19:22:32 UTC 2014


Author: tille
Date: 2014-01-30 19:22:32 +0000 (Thu, 30 Jan 2014)
New Revision: 15904

Added:
   trunk/packages/staden-io-lib/tags/1.13.3-2/patches/fix_bufferoverflow.patch
   trunk/packages/staden-io-lib/trunk/debian/patches/fix_bufferoverflow.patch
Log:
Add missing patch to svn


Added: trunk/packages/staden-io-lib/tags/1.13.3-2/patches/fix_bufferoverflow.patch
===================================================================
--- trunk/packages/staden-io-lib/tags/1.13.3-2/patches/fix_bufferoverflow.patch	                        (rev 0)
+++ trunk/packages/staden-io-lib/tags/1.13.3-2/patches/fix_bufferoverflow.patch	2014-01-30 19:22:32 UTC (rev 15904)
@@ -0,0 +1,33 @@
+Author: James Bonfield <jkb at sanger.ac.uk>
+Last-Update: Mon, 9 Dec 2013 10:07:49 +0000
+Bug-Debian: http://bugs.debian.org/729276
+Upstream: http://sourceforge.net/p/staden/code/3529/
+Description: Fix buffer overflow
+
+--- a/progs/index_tar.c
++++ b/progs/index_tar.c
+@@ -80,7 +80,7 @@ int main(int argc, char **argv) {
+     int directories = 0;
+     FILE *fp;
+     tar_block blk;
+-    char member[256];
++    char member[257];
+     size_t size, extra;
+     int LongLink = 0;
+     size_t offset = 0;
+@@ -127,10 +127,14 @@ int main(int argc, char **argv) {
+ 	     * was ././@LongLink
+ 	     */
+             if (LongLink == 0) {
++		char *cp;
+                 (void) strncpy(member, blk.header.prefix, 155);
++		member[155] = 0;
+ 	        if (strlen(blk.header.prefix) > 0 && blk.header.name[0])
+ 		    (void) strcat(member, "/");
+-    	        (void) strncat(member, blk.header.name, 100);
++		cp = member + strlen(member);
++    	        (void) strncpy(cp, blk.header.name, 100);
++		cp[100] = 0;
+             }
+             
+             /* account for gtar ././@LongLink */
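Review bot: The separator test in the second inner hunk still calls `strlen(blk.header.prefix)` on the raw header field, which need not be NUL-terminated when the prefix fills all 155 bytes (assuming the usual ustar layout; the tar_block definition is not shown here), so a crafted archive could make that call read past the field. Since `member` is now terminated at index 155 on the line above, the test can use the bounded copy instead: `if (member[0] && blk.header.name[0])`. The new buffer size itself adds up (155 + 1 + 100 + 1 = 257), so `cp[100] = 0` stays in bounds. The copy of this patch added under trunk/debian/patches is identical and carries the same issue; main() starts and ends outside the inner hunks.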

Added: trunk/packages/staden-io-lib/trunk/debian/patches/fix_bufferoverflow.patch
===================================================================
--- trunk/packages/staden-io-lib/trunk/debian/patches/fix_bufferoverflow.patch	                        (rev 0)
+++ trunk/packages/staden-io-lib/trunk/debian/patches/fix_bufferoverflow.patch	2014-01-30 19:22:32 UTC (rev 15904)
@@ -0,0 +1,33 @@
+Author: James Bonfield <jkb at sanger.ac.uk>
+Last-Update: Mon, 9 Dec 2013 10:07:49 +0000
+Bug-Debian: http://bugs.debian.org/729276
+Upstream: http://sourceforge.net/p/staden/code/3529/
+Description: Fix buffer overflow
+
+--- a/progs/index_tar.c
++++ b/progs/index_tar.c
+@@ -80,7 +80,7 @@ int main(int argc, char **argv) {
+     int directories = 0;
+     FILE *fp;
+     tar_block blk;
+-    char member[256];
++    char member[257];
+     size_t size, extra;
+     int LongLink = 0;
+     size_t offset = 0;
+@@ -127,10 +127,14 @@ int main(int argc, char **argv) {
+ 	     * was ././@LongLink
+ 	     */
+             if (LongLink == 0) {
++		char *cp;
+                 (void) strncpy(member, blk.header.prefix, 155);
++		member[155] = 0;
+ 	        if (strlen(blk.header.prefix) > 0 && blk.header.name[0])
+ 		    (void) strcat(member, "/");
+-    	        (void) strncat(member, blk.header.name, 100);
++		cp = member + strlen(member);
++    	        (void) strncpy(cp, blk.header.name, 100);
++		cp[100] = 0;
+             }
+             
+             /* account for gtar ././@LongLink */



