[Pkg-erlang-commits] r1517 - in erlang/trunk/debian: . patches

sgolovan at alioth.debian.org sgolovan at alioth.debian.org
Sat Jul 6 13:22:08 UTC 2013


Author: sgolovan
Date: 2013-07-06 13:22:08 +0000 (Sat, 06 Jul 2013)
New Revision: 1517

Added:
   erlang/trunk/debian/patches/odbcserver.patch
Modified:
   erlang/trunk/debian/changelog
   erlang/trunk/debian/patches/series
Log:
[erlang]
  * Fixed crash in odbcserver if it's executed with unexpected data on stdin.


Modified: erlang/trunk/debian/changelog
===================================================================
--- erlang/trunk/debian/changelog	2013-06-24 10:47:37 UTC (rev 1516)
+++ erlang/trunk/debian/changelog	2013-07-06 13:22:08 UTC (rev 1517)
@@ -1,8 +1,8 @@
-erlang (1:16.b.1-dfsg-3) UNRELEASED; urgency=low
+erlang (1:16.b.1-dfsg-3) unstable; urgency=low
 
-  * NOT RELEASED YET
+  * Fixed crash in odbcserver if it's executed with unexpected data on stdin.
 
- -- Sergei Golovan <sgolovan at debian.org>  Mon, 24 Jun 2013 14:47:35 +0400
+ -- Sergei Golovan <sgolovan at debian.org>  Sat, 06 Jul 2013 17:21:38 +0400
 
 erlang (1:16.b.1-dfsg-2) unstable; urgency=low
 

Added: erlang/trunk/debian/patches/odbcserver.patch
===================================================================
--- erlang/trunk/debian/patches/odbcserver.patch	                        (rev 0)
+++ erlang/trunk/debian/patches/odbcserver.patch	2013-07-06 13:22:08 UTC (rev 1517)
@@ -0,0 +1,45 @@
+Author: Sergei Golovan
+Description: Patch adds a few input checks which prevent odbcserver crash if
+ it's executed and supplied incorrect data to stdin. A crash example:
+ echo -en "\x0\x0\x0\x1\x0" | ./odbcserver
+Last-Updated: Thu, 27 Jun 2013 09:42:57 +0400
+
+--- erlang-16.b.1-dfsg.orig/lib/odbc/c_src/odbcserver.c
++++ erlang-16.b.1-dfsg/lib/odbc/c_src/odbcserver.c
+@@ -277,11 +277,15 @@
+     msg = receive_erlang_port_msg();
+ 
+     temp = strtok(msg, ";");
++    if (temp == NULL)
++	DO_EXIT(EXIT_STDIN_BODY);
+     length = strlen(temp);
+     supervisor_port = safe_malloc(length + 1);
+     strcpy(supervisor_port, temp);
+ 
+     temp = strtok(NULL, ";");
++    if (temp == NULL)
++	DO_EXIT(EXIT_STDIN_BODY);
+     length = strlen(temp);
+     odbc_port = safe_malloc(length + 1);
+     strcpy(odbc_port, temp);
+@@ -1819,12 +1823,20 @@
+ 	len |= lengthstr[i];
+     }
+     
++    if (len <= 0 || len > 1024) {
++	DO_EXIT(EXIT_STDIN_HEADER);
++    }
++
+     buffer = (byte *)safe_malloc(len);
+     
+     if (read_exact(buffer, len) <= 0) {
+ 	DO_EXIT(EXIT_STDIN_BODY);
+     }
+ 
++    if (buffer[len-1] != '\0') {
++	DO_EXIT(EXIT_STDIN_BODY);
++    }
++
+     return buffer;
+ }
+  
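Review bot: The length bound added in the second odbcserver.c hunk, `if (len <= 0 || len > 1024)`, uses an unexplained literal, and its `len <= 0` half relies on `len` being signed, which the visible lines do not show. Give the limit a named constant with a comment saying why 1024 bytes is enough for the message that the first hunk splits on ";", and confirm the declared type of `len`, which is assembled from `lengthstr[i]` bytes: if it is unsigned, `len <= 0` only rejects zero, and it is the `> 1024` test that catches values with the high bit set. The `buffer[len-1] != '\0'` check is what makes the later `strtok`, `strlen` and `strcpy` calls on the message bounded, so it deserves a one-line comment saying so. It also assumes `read_exact` filled all `len` bytes, so please verify that `read_exact(buffer, len) <= 0` cannot pass on a short read. In the first hunk, both NULL checks exit with `EXIT_STDIN_BODY`, which is consistent, but `strtok` skips empty fields, so input such as ";;" takes the same exit path as a missing field; mention that in the Description if it is intended. The patch header has no Forwarded or Bug field, so it is unclear whether the fix has been sent upstream.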

Modified: erlang/trunk/debian/patches/series
===================================================================
--- erlang/trunk/debian/patches/series	2013-06-24 10:47:37 UTC (rev 1516)
+++ erlang/trunk/debian/patches/series	2013-07-06 13:22:08 UTC (rev 1517)
@@ -8,3 +8,4 @@
 java.patch
 hppa.patch
 powerpc.patch
+odbcserver.patch



