[freexl] 01/04: New upstream version 1.0.4
Bas Couwenberg
sebastic at debian.org
Fri Sep 15 19:53:01 UTC 2017
This is an automated email from the git hooks/post-receive script.
sebastic pushed a commit to branch master
in repository freexl.
commit 13f40ae7660429c38d4f08032b321517e02b5d87
Author: Bas Couwenberg <sebastic at xs4all.nl>
Date: Fri Sep 15 21:31:16 2017 +0200
New upstream version 1.0.4
---
config-msvc.h | 6 +--
configure | 20 ++++----
configure.ac | 2 +-
src/freexl.c | 147 +++++++++++++++++++++++++++++++++++-----------------------
4 files changed, 102 insertions(+), 73 deletions(-)
diff --git a/config-msvc.h b/config-msvc.h
index 0f641eb..a39d4e7 100644
--- a/config-msvc.h
+++ b/config-msvc.h
@@ -86,7 +86,7 @@
#define PACKAGE_NAME "FreeXL"
/* Define to the full name and version of this package. */
-#define PACKAGE_STRING "FreeXL 1.0.1"
+#define PACKAGE_STRING "FreeXL 1.0.4"
/* Define to the one symbol short name of this package. */
#define PACKAGE_TARNAME "freexl"
@@ -95,7 +95,7 @@
#define PACKAGE_URL ""
/* Define to the version of this package. */
-#define PACKAGE_VERSION "1.0.0e"
+#define PACKAGE_VERSION "1.0.4"
/* Define to 1 if you have the ANSI C header files. */
#define STDC_HEADERS 1
@@ -107,7 +107,7 @@
/* #undef TM_IN_SYS_TIME */
/* Version number of package */
-#define VERSION "1.0.1"
+#define VERSION "1.0.4"
/* Define to empty if `const' does not conform to ANSI C. */
/* #undef const */
diff --git a/configure b/configure
index 8d30fc0..3f4c0a9 100755
--- a/configure
+++ b/configure
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for FreeXL 1.0.3.
+# Generated by GNU Autoconf 2.69 for FreeXL 1.0.4.
#
# Report bugs to <a.furieri at lqt.it>.
#
@@ -590,8 +590,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='FreeXL'
PACKAGE_TARNAME='freexl'
-PACKAGE_VERSION='1.0.3'
-PACKAGE_STRING='FreeXL 1.0.3'
+PACKAGE_VERSION='1.0.4'
+PACKAGE_STRING='FreeXL 1.0.4'
PACKAGE_BUGREPORT='a.furieri at lqt.it'
PACKAGE_URL=''
@@ -1326,7 +1326,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures FreeXL 1.0.3 to adapt to many kinds of systems.
+\`configure' configures FreeXL 1.0.4 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1396,7 +1396,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of FreeXL 1.0.3:";;
+ short | recursive ) echo "Configuration of FreeXL 1.0.4:";;
esac
cat <<\_ACEOF
@@ -1508,7 +1508,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-FreeXL configure 1.0.3
+FreeXL configure 1.0.4
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2052,7 +2052,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by FreeXL $as_me 1.0.3, which was
+It was created by FreeXL $as_me 1.0.4, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@@ -2923,7 +2923,7 @@ fi
# Define the identity of the package.
PACKAGE='freexl'
- VERSION='1.0.3'
+ VERSION='1.0.4'
cat >>confdefs.h <<_ACEOF
@@ -17813,7 +17813,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by FreeXL $as_me 1.0.3, which was
+This file was extended by FreeXL $as_me 1.0.4, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -17879,7 +17879,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-FreeXL config.status 1.0.3
+FreeXL config.status 1.0.4
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
diff --git a/configure.ac b/configure.ac
index 36d5727..a44dbf4 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2,7 +2,7 @@
# Process this file with autoconf to produce a configure script.
AC_PREREQ(2.61)
-AC_INIT(FreeXL, 1.0.3, a.furieri at lqt.it)
+AC_INIT(FreeXL, 1.0.4, a.furieri at lqt.it)
AC_LANG(C)
AC_CONFIG_AUX_DIR([.])
AC_CONFIG_MACRO_DIR([m4])
diff --git a/src/freexl.c b/src/freexl.c
index 2f6cae2..a0b255a 100644
--- a/src/freexl.c
+++ b/src/freexl.c
@@ -952,6 +952,21 @@ set_sst_value (biff_workbook * workbook, unsigned int row, unsigned short col,
return FREEXL_OK;
}
+static size_t
+xls_fread (size_t bufsz, void *buf, size_t size, size_t nmemb, FILE * fl)
+{
+/*
+/ Sandro 2017-09-07
+/ secure version of "fread" checking against buffer overflows
+/---------------------------
+/ expected to fix the issue reported by
+/ Cisco [TALOS-2017-431]
+*/
+ if ((size * nmemb) > bufsz)
+ return 0;
+ return fread (buf, size, nmemb, fl);
+}
+
static fat_chain *
alloc_fat_chain (int swap, unsigned short sector_shift,
unsigned int directory_start)
@@ -1395,7 +1410,8 @@ read_fat_sector (FILE * xls, fat_chain * chain, unsigned int sector)
max_fat = 128;
/* reading a FAT sector */
- if (fread (buf, 1, chain->sector_size, xls) != chain->sector_size)
+ if (xls_fread (sizeof (buf), buf, 1, chain->sector_size, xls) !=
+ chain->sector_size)
return FREEXL_CFBF_READ_ERROR;
for (i_fat = 0; i_fat < max_fat; i_fat++)
@@ -1437,7 +1453,8 @@ read_difat_sectors (FILE * xls, fat_chain * chain, unsigned int sector,
if (fseek (xls, where, SEEK_SET) != 0)
return FREEXL_CFBF_SEEK_ERROR;
/* reading a DIFAT sector */
- if (fread (&difat, 1, chain->sector_size, xls) != chain->sector_size)
+ if (xls_fread (sizeof (difat), &difat, 1, chain->sector_size, xls) !=
+ chain->sector_size)
return FREEXL_CFBF_READ_ERROR;
blocks++;
if (chain->swap)
@@ -1498,7 +1515,8 @@ read_miniFAT_sectors (FILE * xls, fat_chain * chain, unsigned int sector,
unsigned char *p_buf = buf;
block++;
/* reading a miniFAT sector */
- if (fread (&buf, 1, chain->sector_size, xls) != chain->sector_size)
+ if (xls_fread (sizeof (buf), &buf, 1, chain->sector_size, xls) !=
+ chain->sector_size)
return FREEXL_CFBF_READ_ERROR;
for (i_fat = 0; i_fat < max_fat; i_fat++)
{
@@ -1526,7 +1544,7 @@ read_cfbf_header (biff_workbook * workbook, int swap, int *err_code)
int ret;
unsigned char *p_fat = header.fat_sector_map;
- if (fread (&header, 1, 512, workbook->xls) != 512)
+ if (xls_fread (sizeof (header), &header, 1, 512, workbook->xls) != 512)
{
*err_code = FREEXL_CFBF_READ_ERROR;
return NULL;
@@ -1672,8 +1690,9 @@ read_mini_stream (biff_workbook * workbook, int *errcode)
*errcode = FREEXL_CFBF_SEEK_ERROR;
return 0;
}
- if (fread (buf, 1, workbook->fat->sector_size, workbook->xls) !=
- workbook->fat->sector_size)
+ if (xls_fread
+ (sizeof (buf), buf, 1, workbook->fat->sector_size,
+ workbook->xls) != workbook->fat->sector_size)
{
*errcode = FREEXL_CFBF_READ_ERROR;
return 0;
@@ -2022,7 +2041,7 @@ legacy_emergency_dimension (biff_workbook * workbook, int swap,
/* looping on BIFF records */
if (!first)
{
- if (fread (&buf, 1, 4, workbook->xls) != 4)
+ if (xls_fread (sizeof (buf), &buf, 1, 4, workbook->xls) != 4)
return 0;
memcpy (record_type.bytes, buf, 2);
memcpy (record_size.bytes, buf + 2, 2);
@@ -2048,9 +2067,9 @@ legacy_emergency_dimension (biff_workbook * workbook, int swap,
/* INTEGER marker found */
biff_word16 word16;
- if (fread
- (workbook->record, 1, record_size.value,
- workbook->xls) != record_size.value)
+ if (xls_fread
+ (sizeof (workbook->record), workbook->record, 1,
+ record_size.value, workbook->xls) != record_size.value)
return 0;
memcpy (word16.bytes, workbook->record, 2);
@@ -2075,9 +2094,9 @@ legacy_emergency_dimension (biff_workbook * workbook, int swap,
/* NUMBER marker found */
biff_word16 word16;
- if (fread
- (workbook->record, 1, record_size.value,
- workbook->xls) != record_size.value)
+ if (xls_fread
+ (sizeof (workbook->record), workbook->record, 1,
+ record_size.value, workbook->xls) != record_size.value)
return 0;
memcpy (word16.bytes, workbook->record, 2);
@@ -2102,9 +2121,9 @@ legacy_emergency_dimension (biff_workbook * workbook, int swap,
/* BOOLERR marker found */
biff_word16 word16;
- if (fread
- (workbook->record, 1, record_size.value,
- workbook->xls) != record_size.value)
+ if (xls_fread
+ (sizeof (workbook->record), workbook->record, 1,
+ record_size.value, workbook->xls) != record_size.value)
return 0;
memcpy (word16.bytes, workbook->record, 2);
@@ -2127,9 +2146,9 @@ legacy_emergency_dimension (biff_workbook * workbook, int swap,
/* RK marker found */
biff_word16 word16;
- if (fread
- (workbook->record, 1, record_size.value,
- workbook->xls) != record_size.value)
+ if (xls_fread
+ (sizeof (workbook->record), workbook->record, 1,
+ record_size.value, workbook->xls) != record_size.value)
return 0;
memcpy (word16.bytes, workbook->record, 2);
@@ -2154,9 +2173,9 @@ legacy_emergency_dimension (biff_workbook * workbook, int swap,
/* LABEL marker found */
biff_word16 word16;
- if (fread
- (workbook->record, 1, record_size.value,
- workbook->xls) != record_size.value)
+ if (xls_fread
+ (sizeof (workbook->record), workbook->record, 1,
+ record_size.value, workbook->xls) != record_size.value)
return 0;
memcpy (word16.bytes, workbook->record, 2);
@@ -2233,7 +2252,7 @@ read_legacy_biff (biff_workbook * workbook, int swap)
/* attempting to get the main BOF */
rewind (workbook->xls);
- if (fread (&buf, 1, 4, workbook->xls) != 4)
+ if (xls_fread (sizeof (buf), &buf, 1, 4, workbook->xls) != 4)
return 0;
memcpy (record_type.bytes, buf, 2);
memcpy (record_size.bytes, buf + 2, 2);
@@ -2269,7 +2288,7 @@ read_legacy_biff (biff_workbook * workbook, int swap)
{
/* looping on BIFF records */
- if (fread (&buf, 1, 4, workbook->xls) != 4)
+ if (xls_fread (sizeof (buf), &buf, 1, 4, workbook->xls) != 4)
return 0;
memcpy (record_type.bytes, buf, 2);
memcpy (record_size.bytes, buf + 2, 2);
@@ -2282,7 +2301,7 @@ read_legacy_biff (biff_workbook * workbook, int swap)
if (record_type.value == BIFF_SHEETSOFFSET)
{
-/* unsupported BIFF4W format */
+ /* unsupported BIFF4W format */
return 0;
}
@@ -2295,9 +2314,9 @@ read_legacy_biff (biff_workbook * workbook, int swap)
if (record_type.value == BIFF_CODEPAGE)
{
/* CODEPAGE marker found */
- if (fread
- (workbook->record, 1, record_size.value,
- workbook->xls) != record_size.value)
+ if (xls_fread
+ (sizeof (workbook->record), workbook->record, 1,
+ record_size.value, workbook->xls) != record_size.value)
return 0;
memcpy (word16.bytes, workbook->record, 2);
if (swap)
@@ -2313,9 +2332,9 @@ read_legacy_biff (biff_workbook * workbook, int swap)
if (record_type.value == BIFF_DATEMODE)
{
/* DATEMODE marker found */
- if (fread
- (workbook->record, 1, record_size.value,
- workbook->xls) != record_size.value)
+ if (xls_fread
+ (sizeof (workbook->record), workbook->record, 1,
+ record_size.value, workbook->xls) != record_size.value)
return 0;
memcpy (word16.bytes, workbook->record, 2);
if (swap)
@@ -2347,9 +2366,9 @@ read_legacy_biff (biff_workbook * workbook, int swap)
int is_date = 0;
int is_datetime = 0;
int is_time = 0;
- if (fread
- (workbook->record, 1, record_size.value,
- workbook->xls) != record_size.value)
+ if (xls_fread
+ (sizeof (workbook->record), workbook->record, 1,
+ record_size.value, workbook->xls) != record_size.value)
return 0;
if (workbook->biff_version == FREEXL_BIFF_VER_2
@@ -2415,9 +2434,9 @@ read_legacy_biff (biff_workbook * workbook, int swap)
/* XF [Extended Format] marker found */
unsigned char format;
unsigned short s_format = 0;
- if (fread
- (workbook->record, 1, record_size.value,
- workbook->xls) != record_size.value)
+ if (xls_fread
+ (sizeof (workbook->record), workbook->record, 1,
+ record_size.value, workbook->xls) != record_size.value)
return 0;
switch (workbook->biff_version)
{
@@ -2447,9 +2466,9 @@ read_legacy_biff (biff_workbook * workbook, int swap)
unsigned int rows;
unsigned short columns;
char *utf8_name;
- if (fread
- (workbook->record, 1, record_size.value,
- workbook->xls) != record_size.value)
+ if (xls_fread
+ (sizeof (workbook->record), workbook->record, 1,
+ record_size.value, workbook->xls) != record_size.value)
return 0;
memcpy (word16.bytes, workbook->record + 2, 2);
@@ -2497,9 +2516,9 @@ read_legacy_biff (biff_workbook * workbook, int swap)
(workbook, swap, record_type.value, record_size.value))
return 0;
- if (fread
- (workbook->record, 1, record_size.value,
- workbook->xls) != record_size.value)
+ if (xls_fread
+ (sizeof (workbook->record), workbook->record, 1,
+ record_size.value, workbook->xls) != record_size.value)
return 0;
memcpy (word16.bytes, workbook->record, 2);
@@ -2565,9 +2584,9 @@ read_legacy_biff (biff_workbook * workbook, int swap)
(workbook, swap, record_type.value, record_size.value))
return 0;
- if (fread
- (workbook->record, 1, record_size.value,
- workbook->xls) != record_size.value)
+ if (xls_fread
+ (sizeof (workbook->record), workbook->record, 1,
+ record_size.value, workbook->xls) != record_size.value)
return 0;
memcpy (word16.bytes, workbook->record, 2);
@@ -2644,9 +2663,9 @@ read_legacy_biff (biff_workbook * workbook, int swap)
(workbook, swap, record_type.value, record_size.value))
return 0;
- if (fread
- (workbook->record, 1, record_size.value,
- workbook->xls) != record_size.value)
+ if (xls_fread
+ (sizeof (workbook->record), workbook->record, 1,
+ record_size.value, workbook->xls) != record_size.value)
return 0;
memcpy (word16.bytes, workbook->record, 2);
@@ -2697,9 +2716,9 @@ read_legacy_biff (biff_workbook * workbook, int swap)
(workbook, swap, record_type.value, record_size.value))
return 0;
- if (fread
- (workbook->record, 1, record_size.value,
- workbook->xls) != record_size.value)
+ if (xls_fread
+ (sizeof (workbook->record), workbook->record, 1,
+ record_size.value, workbook->xls) != record_size.value)
return 0;
memcpy (word16.bytes, workbook->record, 2);
@@ -2798,9 +2817,9 @@ read_legacy_biff (biff_workbook * workbook, int swap)
(workbook, swap, record_type.value, record_size.value))
return 0;
- if (fread
- (workbook->record, 1, record_size.value,
- workbook->xls) != record_size.value)
+ if (xls_fread
+ (sizeof (workbook->record), workbook->record, 1,
+ record_size.value, workbook->xls) != record_size.value)
return 0;
memcpy (word16.bytes, workbook->record, 2);
@@ -3665,8 +3684,9 @@ read_cfbf_sector (biff_workbook * workbook, unsigned char *buf)
long where = (workbook->current_sector + 1) * workbook->fat->sector_size;
if (fseek (workbook->xls, where, SEEK_SET) != 0)
return FREEXL_CFBF_SEEK_ERROR;
- if (fread (buf, 1, workbook->fat->sector_size, workbook->xls) !=
- workbook->fat->sector_size)
+ if (xls_fread
+ (sizeof (biff_workbook), buf, 1, workbook->fat->sector_size,
+ workbook->xls) != workbook->fat->sector_size)
return FREEXL_CFBF_READ_ERROR;
return FREEXL_OK;
}
@@ -3788,6 +3808,14 @@ read_biff_next_record (biff_workbook * workbook, int swap, int *errcode)
if (record_type.value == 0x0000 && record_size.value == 0)
return -1;
+/*
+/ Sandro 2017-09-07
+/ fixing a security issue reported by
+/ Cisco [TALOS-2017-430]
+*/
+ if (record_size.value > sizeof (workbook->record))
+ return -1;
+
/* saving the current record */
workbook->record_type = record_type.value;
workbook->record_size = record_size.value;
@@ -3967,8 +3995,9 @@ get_workbook_stream (biff_workbook * workbook)
if (fseek (workbook->xls, where, SEEK_SET) != 0)
return FREEXL_CFBF_SEEK_ERROR;
/* reading a FAT Directory block [sector] */
- if (fread (dir_block, 1, workbook->fat->sector_size, workbook->xls) !=
- workbook->fat->sector_size)
+ if (xls_fread
+ (sizeof (dir_block), dir_block, 1, workbook->fat->sector_size,
+ workbook->xls) != workbook->fat->sector_size)
return FREEXL_CFBF_READ_ERROR;
workbook_start = 0xFFFFFFFF;
for (i_entry = 0; i_entry < max_entries; i_entry++)
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-grass/freexl.git
More information about the Pkg-grass-devel
mailing list