[freexl] 01/04: New upstream version 1.0.4

Bas Couwenberg sebastic at debian.org
Fri Sep 15 19:53:01 UTC 2017


This is an automated email from the git hooks/post-receive script.

sebastic pushed a commit to branch master
in repository freexl.

commit 13f40ae7660429c38d4f08032b321517e02b5d87
Author: Bas Couwenberg <sebastic at xs4all.nl>
Date:   Fri Sep 15 21:31:16 2017 +0200

    New upstream version 1.0.4
---
 config-msvc.h |   6 +--
 configure     |  20 ++++----
 configure.ac  |   2 +-
 src/freexl.c  | 147 +++++++++++++++++++++++++++++++++++-----------------------
 4 files changed, 102 insertions(+), 73 deletions(-)

diff --git a/config-msvc.h b/config-msvc.h
index 0f641eb..a39d4e7 100644
--- a/config-msvc.h
+++ b/config-msvc.h
@@ -86,7 +86,7 @@
 #define PACKAGE_NAME "FreeXL"
 
 /* Define to the full name and version of this package. */
-#define PACKAGE_STRING "FreeXL 1.0.1"
+#define PACKAGE_STRING "FreeXL 1.0.4"
 
 /* Define to the one symbol short name of this package. */
 #define PACKAGE_TARNAME "freexl"
@@ -95,7 +95,7 @@
 #define PACKAGE_URL ""
 
 /* Define to the version of this package. */
-#define PACKAGE_VERSION "1.0.0e"
+#define PACKAGE_VERSION "1.0.4"
 
 /* Define to 1 if you have the ANSI C header files. */
 #define STDC_HEADERS 1
@@ -107,7 +107,7 @@
 /* #undef TM_IN_SYS_TIME */
 
 /* Version number of package */
-#define VERSION "1.0.1"
+#define VERSION "1.0.4"
 
 /* Define to empty if `const' does not conform to ANSI C. */
 /* #undef const */
diff --git a/configure b/configure
index 8d30fc0..3f4c0a9 100755
--- a/configure
+++ b/configure
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for FreeXL 1.0.3.
+# Generated by GNU Autoconf 2.69 for FreeXL 1.0.4.
 #
 # Report bugs to <a.furieri at lqt.it>.
 #
@@ -590,8 +590,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='FreeXL'
 PACKAGE_TARNAME='freexl'
-PACKAGE_VERSION='1.0.3'
-PACKAGE_STRING='FreeXL 1.0.3'
+PACKAGE_VERSION='1.0.4'
+PACKAGE_STRING='FreeXL 1.0.4'
 PACKAGE_BUGREPORT='a.furieri at lqt.it'
 PACKAGE_URL=''
 
@@ -1326,7 +1326,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures FreeXL 1.0.3 to adapt to many kinds of systems.
+\`configure' configures FreeXL 1.0.4 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1396,7 +1396,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of FreeXL 1.0.3:";;
+     short | recursive ) echo "Configuration of FreeXL 1.0.4:";;
    esac
   cat <<\_ACEOF
 
@@ -1508,7 +1508,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-FreeXL configure 1.0.3
+FreeXL configure 1.0.4
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2052,7 +2052,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by FreeXL $as_me 1.0.3, which was
+It was created by FreeXL $as_me 1.0.4, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -2923,7 +2923,7 @@ fi
 
 # Define the identity of the package.
  PACKAGE='freexl'
- VERSION='1.0.3'
+ VERSION='1.0.4'
 
 
 cat >>confdefs.h <<_ACEOF
@@ -17813,7 +17813,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by FreeXL $as_me 1.0.3, which was
+This file was extended by FreeXL $as_me 1.0.4, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -17879,7 +17879,7 @@ _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-FreeXL config.status 1.0.3
+FreeXL config.status 1.0.4
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 
diff --git a/configure.ac b/configure.ac
index 36d5727..a44dbf4 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2,7 +2,7 @@
 # Process this file with autoconf to produce a configure script.
 
 AC_PREREQ(2.61)
-AC_INIT(FreeXL, 1.0.3, a.furieri at lqt.it)
+AC_INIT(FreeXL, 1.0.4, a.furieri at lqt.it)
 AC_LANG(C)
 AC_CONFIG_AUX_DIR([.])
 AC_CONFIG_MACRO_DIR([m4])
diff --git a/src/freexl.c b/src/freexl.c
index 2f6cae2..a0b255a 100644
--- a/src/freexl.c
+++ b/src/freexl.c
@@ -952,6 +952,21 @@ set_sst_value (biff_workbook * workbook, unsigned int row, unsigned short col,
     return FREEXL_OK;
 }
 
+static size_t
+xls_fread (size_t bufsz, void *buf, size_t size, size_t nmemb, FILE * fl)
+{
+/* 
+/ Sandro 2017-09-07
+/ secure version of "fread" checking against buffer overflows 
+/---------------------------
+/ expected to fix the issue reported by
+/ Cisco [TALOS-2017-431]
+*/
+    if ((size * nmemb) > bufsz)
+	return 0;
+    return fread (buf, size, nmemb, fl);
+}
+
 static fat_chain *
 alloc_fat_chain (int swap, unsigned short sector_shift,
 		 unsigned int directory_start)
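Review bot: The product `size * nmemb` in xls_fread can wrap around `size_t`, in which case the comparison with `bufsz` passes and the fread runs with no effective bound. Every call site visible in this diff passes `size` as 1, so the wrap is not reachable through them, but the helper is written as a general bounded read. A division-based test avoids the wrap: `if (size != 0 && nmemb > bufsz / size) return 0;`. The header comment could also state the contract next to the ticket reference, e.g. `/* returns 0 without reading when size * nmemb exceeds bufsz */`.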
@@ -1395,7 +1410,8 @@ read_fat_sector (FILE * xls, fat_chain * chain, unsigned int sector)
 	max_fat = 128;
 
 /* reading a FAT sector */
-    if (fread (buf, 1, chain->sector_size, xls) != chain->sector_size)
+    if (xls_fread (sizeof (buf), buf, 1, chain->sector_size, xls) !=
+	chain->sector_size)
 	return FREEXL_CFBF_READ_ERROR;
 
     for (i_fat = 0; i_fat < max_fat; i_fat++)
@@ -1437,7 +1453,8 @@ read_difat_sectors (FILE * xls, fat_chain * chain, unsigned int sector,
 	  if (fseek (xls, where, SEEK_SET) != 0)
 	      return FREEXL_CFBF_SEEK_ERROR;
 	  /* reading a DIFAT sector */
-	  if (fread (&difat, 1, chain->sector_size, xls) != chain->sector_size)
+	  if (xls_fread (sizeof (difat), &difat, 1, chain->sector_size, xls) !=
+	      chain->sector_size)
 	      return FREEXL_CFBF_READ_ERROR;
 	  blocks++;
 	  if (chain->swap)
@@ -1498,7 +1515,8 @@ read_miniFAT_sectors (FILE * xls, fat_chain * chain, unsigned int sector,
 	  unsigned char *p_buf = buf;
 	  block++;
 	  /* reading a miniFAT sector */
-	  if (fread (&buf, 1, chain->sector_size, xls) != chain->sector_size)
+	  if (xls_fread (sizeof (buf), &buf, 1, chain->sector_size, xls) !=
+	      chain->sector_size)
 	      return FREEXL_CFBF_READ_ERROR;
 	  for (i_fat = 0; i_fat < max_fat; i_fat++)
 	    {
@@ -1526,7 +1544,7 @@ read_cfbf_header (biff_workbook * workbook, int swap, int *err_code)
     int ret;
     unsigned char *p_fat = header.fat_sector_map;
 
-    if (fread (&header, 1, 512, workbook->xls) != 512)
+    if (xls_fread (sizeof (header), &header, 1, 512, workbook->xls) != 512)
       {
 	  *err_code = FREEXL_CFBF_READ_ERROR;
 	  return NULL;
@@ -1672,8 +1690,9 @@ read_mini_stream (biff_workbook * workbook, int *errcode)
 		*errcode = FREEXL_CFBF_SEEK_ERROR;
 		return 0;
 	    }
-	  if (fread (buf, 1, workbook->fat->sector_size, workbook->xls) !=
-	      workbook->fat->sector_size)
+	  if (xls_fread
+	      (sizeof (buf), buf, 1, workbook->fat->sector_size,
+	       workbook->xls) != workbook->fat->sector_size)
 	    {
 		*errcode = FREEXL_CFBF_READ_ERROR;
 		return 0;
@@ -2022,7 +2041,7 @@ legacy_emergency_dimension (biff_workbook * workbook, int swap,
 	  /* looping on BIFF records */
 	  if (!first)
 	    {
-		if (fread (&buf, 1, 4, workbook->xls) != 4)
+		if (xls_fread (sizeof (buf), &buf, 1, 4, workbook->xls) != 4)
 		    return 0;
 		memcpy (record_type.bytes, buf, 2);
 		memcpy (record_size.bytes, buf + 2, 2);
@@ -2048,9 +2067,9 @@ legacy_emergency_dimension (biff_workbook * workbook, int swap,
 		/* INTEGER marker found */
 		biff_word16 word16;
 
-		if (fread
-		    (workbook->record, 1, record_size.value,
-		     workbook->xls) != record_size.value)
+		if (xls_fread
+		    (sizeof (workbook->record), workbook->record, 1,
+		     record_size.value, workbook->xls) != record_size.value)
 		    return 0;
 
 		memcpy (word16.bytes, workbook->record, 2);
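Review bot: A record whose `record_size.value` is 0 or 1 still passes this read, and the `memcpy (word16.bytes, workbook->record, 2)` that follows then consumes bytes left in `workbook->record` by an earlier record. The cap in xls_fread bounds only the upper end; a lower bound before the read, such as `if (record_size.value < 2) return 0;`, would stop the parser from acting on stale data. The same read-then-memcpy pattern appears in the NUMBER, BOOLERR, RK and LABEL hunks of legacy_emergency_dimension and in the CODEPAGE and DATEMODE hunks of read_legacy_biff. The rest of each branch lies outside the hunks, so the minimum length each record type needs should be confirmed against the fields it actually reads.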
@@ -2075,9 +2094,9 @@ legacy_emergency_dimension (biff_workbook * workbook, int swap,
 		/* NUMBER marker found */
 		biff_word16 word16;
 
-		if (fread
-		    (workbook->record, 1, record_size.value,
-		     workbook->xls) != record_size.value)
+		if (xls_fread
+		    (sizeof (workbook->record), workbook->record, 1,
+		     record_size.value, workbook->xls) != record_size.value)
 		    return 0;
 
 		memcpy (word16.bytes, workbook->record, 2);
@@ -2102,9 +2121,9 @@ legacy_emergency_dimension (biff_workbook * workbook, int swap,
 		/* BOOLERR marker found */
 		biff_word16 word16;
 
-		if (fread
-		    (workbook->record, 1, record_size.value,
-		     workbook->xls) != record_size.value)
+		if (xls_fread
+		    (sizeof (workbook->record), workbook->record, 1,
+		     record_size.value, workbook->xls) != record_size.value)
 		    return 0;
 
 		memcpy (word16.bytes, workbook->record, 2);
@@ -2127,9 +2146,9 @@ legacy_emergency_dimension (biff_workbook * workbook, int swap,
 		/* RK marker found */
 		biff_word16 word16;
 
-		if (fread
-		    (workbook->record, 1, record_size.value,
-		     workbook->xls) != record_size.value)
+		if (xls_fread
+		    (sizeof (workbook->record), workbook->record, 1,
+		     record_size.value, workbook->xls) != record_size.value)
 		    return 0;
 
 		memcpy (word16.bytes, workbook->record, 2);
@@ -2154,9 +2173,9 @@ legacy_emergency_dimension (biff_workbook * workbook, int swap,
 		/* LABEL marker found */
 		biff_word16 word16;
 
-		if (fread
-		    (workbook->record, 1, record_size.value,
-		     workbook->xls) != record_size.value)
+		if (xls_fread
+		    (sizeof (workbook->record), workbook->record, 1,
+		     record_size.value, workbook->xls) != record_size.value)
 		    return 0;
 
 		memcpy (word16.bytes, workbook->record, 2);
@@ -2233,7 +2252,7 @@ read_legacy_biff (biff_workbook * workbook, int swap)
 
 /* attempting to get the main BOF */
     rewind (workbook->xls);
-    if (fread (&buf, 1, 4, workbook->xls) != 4)
+    if (xls_fread (sizeof (buf), &buf, 1, 4, workbook->xls) != 4)
 	return 0;
     memcpy (record_type.bytes, buf, 2);
     memcpy (record_size.bytes, buf + 2, 2);
@@ -2269,7 +2288,7 @@ read_legacy_biff (biff_workbook * workbook, int swap)
       {
 	  /* looping on BIFF records */
 
-	  if (fread (&buf, 1, 4, workbook->xls) != 4)
+	  if (xls_fread (sizeof (buf), &buf, 1, 4, workbook->xls) != 4)
 	      return 0;
 	  memcpy (record_type.bytes, buf, 2);
 	  memcpy (record_size.bytes, buf + 2, 2);
@@ -2282,7 +2301,7 @@ read_legacy_biff (biff_workbook * workbook, int swap)
 
 	  if (record_type.value == BIFF_SHEETSOFFSET)
 	    {
-/* unsupported BIFF4W format */
+		/* unsupported BIFF4W format */
 		return 0;
 	    }
 
@@ -2295,9 +2314,9 @@ read_legacy_biff (biff_workbook * workbook, int swap)
 	  if (record_type.value == BIFF_CODEPAGE)
 	    {
 		/* CODEPAGE marker found */
-		if (fread
-		    (workbook->record, 1, record_size.value,
-		     workbook->xls) != record_size.value)
+		if (xls_fread
+		    (sizeof (workbook->record), workbook->record, 1,
+		     record_size.value, workbook->xls) != record_size.value)
 		    return 0;
 		memcpy (word16.bytes, workbook->record, 2);
 		if (swap)
@@ -2313,9 +2332,9 @@ read_legacy_biff (biff_workbook * workbook, int swap)
 	  if (record_type.value == BIFF_DATEMODE)
 	    {
 		/* DATEMODE marker found */
-		if (fread
-		    (workbook->record, 1, record_size.value,
-		     workbook->xls) != record_size.value)
+		if (xls_fread
+		    (sizeof (workbook->record), workbook->record, 1,
+		     record_size.value, workbook->xls) != record_size.value)
 		    return 0;
 		memcpy (word16.bytes, workbook->record, 2);
 		if (swap)
@@ -2347,9 +2366,9 @@ read_legacy_biff (biff_workbook * workbook, int swap)
 		int is_date = 0;
 		int is_datetime = 0;
 		int is_time = 0;
-		if (fread
-		    (workbook->record, 1, record_size.value,
-		     workbook->xls) != record_size.value)
+		if (xls_fread
+		    (sizeof (workbook->record), workbook->record, 1,
+		     record_size.value, workbook->xls) != record_size.value)
 		    return 0;
 
 		if (workbook->biff_version == FREEXL_BIFF_VER_2
@@ -2415,9 +2434,9 @@ read_legacy_biff (biff_workbook * workbook, int swap)
 		/* XF [Extended Format] marker found */
 		unsigned char format;
 		unsigned short s_format = 0;
-		if (fread
-		    (workbook->record, 1, record_size.value,
-		     workbook->xls) != record_size.value)
+		if (xls_fread
+		    (sizeof (workbook->record), workbook->record, 1,
+		     record_size.value, workbook->xls) != record_size.value)
 		    return 0;
 		switch (workbook->biff_version)
 		  {
@@ -2447,9 +2466,9 @@ read_legacy_biff (biff_workbook * workbook, int swap)
 		unsigned int rows;
 		unsigned short columns;
 		char *utf8_name;
-		if (fread
-		    (workbook->record, 1, record_size.value,
-		     workbook->xls) != record_size.value)
+		if (xls_fread
+		    (sizeof (workbook->record), workbook->record, 1,
+		     record_size.value, workbook->xls) != record_size.value)
 		    return 0;
 
 		memcpy (word16.bytes, workbook->record + 2, 2);
@@ -2497,9 +2516,9 @@ read_legacy_biff (biff_workbook * workbook, int swap)
 		    (workbook, swap, record_type.value, record_size.value))
 		    return 0;
 
-		if (fread
-		    (workbook->record, 1, record_size.value,
-		     workbook->xls) != record_size.value)
+		if (xls_fread
+		    (sizeof (workbook->record), workbook->record, 1,
+		     record_size.value, workbook->xls) != record_size.value)
 		    return 0;
 
 		memcpy (word16.bytes, workbook->record, 2);
@@ -2565,9 +2584,9 @@ read_legacy_biff (biff_workbook * workbook, int swap)
 		    (workbook, swap, record_type.value, record_size.value))
 		    return 0;
 
-		if (fread
-		    (workbook->record, 1, record_size.value,
-		     workbook->xls) != record_size.value)
+		if (xls_fread
+		    (sizeof (workbook->record), workbook->record, 1,
+		     record_size.value, workbook->xls) != record_size.value)
 		    return 0;
 
 		memcpy (word16.bytes, workbook->record, 2);
@@ -2644,9 +2663,9 @@ read_legacy_biff (biff_workbook * workbook, int swap)
 		    (workbook, swap, record_type.value, record_size.value))
 		    return 0;
 
-		if (fread
-		    (workbook->record, 1, record_size.value,
-		     workbook->xls) != record_size.value)
+		if (xls_fread
+		    (sizeof (workbook->record), workbook->record, 1,
+		     record_size.value, workbook->xls) != record_size.value)
 		    return 0;
 
 		memcpy (word16.bytes, workbook->record, 2);
@@ -2697,9 +2716,9 @@ read_legacy_biff (biff_workbook * workbook, int swap)
 		    (workbook, swap, record_type.value, record_size.value))
 		    return 0;
 
-		if (fread
-		    (workbook->record, 1, record_size.value,
-		     workbook->xls) != record_size.value)
+		if (xls_fread
+		    (sizeof (workbook->record), workbook->record, 1,
+		     record_size.value, workbook->xls) != record_size.value)
 		    return 0;
 
 		memcpy (word16.bytes, workbook->record, 2);
@@ -2798,9 +2817,9 @@ read_legacy_biff (biff_workbook * workbook, int swap)
 		    (workbook, swap, record_type.value, record_size.value))
 		    return 0;
 
-		if (fread
-		    (workbook->record, 1, record_size.value,
-		     workbook->xls) != record_size.value)
+		if (xls_fread
+		    (sizeof (workbook->record), workbook->record, 1,
+		     record_size.value, workbook->xls) != record_size.value)
 		    return 0;
 
 		memcpy (word16.bytes, workbook->record, 2);
@@ -3665,8 +3684,9 @@ read_cfbf_sector (biff_workbook * workbook, unsigned char *buf)
     long where = (workbook->current_sector + 1) * workbook->fat->sector_size;
     if (fseek (workbook->xls, where, SEEK_SET) != 0)
 	return FREEXL_CFBF_SEEK_ERROR;
-    if (fread (buf, 1, workbook->fat->sector_size, workbook->xls) !=
-	workbook->fat->sector_size)
+    if (xls_fread
+	(sizeof (biff_workbook), buf, 1, workbook->fat->sector_size,
+	 workbook->xls) != workbook->fat->sector_size)
 	return FREEXL_CFBF_READ_ERROR;
     return FREEXL_OK;
 }
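Review bot: `sizeof (biff_workbook)` is the size of the workbook struct, not the capacity of `buf`, which arrives here as an `unsigned char *` parameter, so the bound handed to xls_fread is unrelated to the destination buffer. If the struct is larger than the caller's buffer the check permits an overrun, and if it is smaller a valid sector read is rejected. The capacity has to come from the caller, for example by adding a `size_t bufsz` parameter to read_cfbf_sector and calling `xls_fread (bufsz, buf, 1, workbook->fat->sector_size, workbook->xls)`. The callers are outside this diff, so the size of the buffer each one passes still needs to be checked.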
@@ -3788,6 +3808,14 @@ read_biff_next_record (biff_workbook * workbook, int swap, int *errcode)
     if (record_type.value == 0x0000 && record_size.value == 0)
 	return -1;
 
+/*
+/ Sandro 2017-09-07
+/ fixing a security issue reported by
+/ Cisco [TALOS-2017-430]
+*/
+    if (record_size.value > sizeof (workbook->record))
+	return -1;
+
 /* saving the current record */
     workbook->record_type = record_type.value;
     workbook->record_size = record_size.value;
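Review bot: The new oversize check returns -1, the same value the context line just above returns for the all-zero record header, and it leaves `*errcode` untouched, so a caller cannot tell a rejected oversized record from that case. The function's return convention is outside the hunk; if -1 is not already its error return, the check should set `*errcode` to the library's read-error code and return the error value instead. The comment cites only the ticket, and a line such as `/* a record must fit in workbook->record */` would state the invariant being enforced. The check also relies on `workbook->record` being an array member, which the diff does not show, since `sizeof` on a pointer would yield the pointer size.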
@@ -3967,8 +3995,9 @@ get_workbook_stream (biff_workbook * workbook)
     if (fseek (workbook->xls, where, SEEK_SET) != 0)
 	return FREEXL_CFBF_SEEK_ERROR;
 /* reading a FAT Directory block [sector] */
-    if (fread (dir_block, 1, workbook->fat->sector_size, workbook->xls) !=
-	workbook->fat->sector_size)
+    if (xls_fread
+	(sizeof (dir_block), dir_block, 1, workbook->fat->sector_size,
+	 workbook->xls) != workbook->fat->sector_size)
 	return FREEXL_CFBF_READ_ERROR;
     workbook_start = 0xFFFFFFFF;
     for (i_entry = 0; i_entry < max_entries; i_entry++)

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-grass/freexl.git


