- Avoid buffer overflow in filesys.cpp(dir_size).

OBS-URL: https://build.opensuse.org/package/show/network/boinc-client?expand=0&rev=11
2011-05-17 14:59:23 +00:00 · 2011-05-17 14:59:23 +00:00 · 283e9a6079
commit 283e9a6079
parent 80d5bb95b7
3 changed files with 49 additions and 0 deletions
--- a/boinc-client-dynamic_buffers.patch
+++ b/boinc-client-dynamic_buffers.patch
@ -0,0 +1,41 @@
+Index: lib/filesys.cpp
+===================================================================
+--- lib/filesys.cpp.orig	2011-05-16 18:13:03.000000000 +0200
+++ lib/filesys.cpp	2011-05-16 18:49:23.426248908 +0200
+@@ -36,6 +36,7 @@
+ #include <sys/time.h>
+ #include <unistd.h>
+ #include <dirent.h>
+#include <climits>
+ 
+ #ifdef HAVE_SYS_RESOURCE_H
+ #include <sys/resource.h>
+@@ -371,7 +372,8 @@ int dir_size(const char* dirpath, double
+     } while (FindNextFileA(hFind, &findData));
+ 	::FindClose(hFind);
+ #else
+-    char filename[256], subdir[256];
+    char filename[PATH_MAX];
+    char *subdir;
+     int retval=0;
+     DIRREF dirp;
+     double x;
+@@ -382,7 +384,7 @@ int dir_size(const char* dirpath, double
+     while (1) {
+         retval = dir_scan(filename, dirp, sizeof(filename));
+         if (retval) break;
+-        sprintf(subdir, "%s/%s", dirpath, filename);
+        asprintf(&subdir, "%s/%s", dirpath, filename);
+ 
+         if (is_dir(subdir)) {
+             if (recurse) {
+@@ -395,6 +397,9 @@ int dir_size(const char* dirpath, double
+             if (retval) continue;
+             size += x;
+         }
+
+        if(subdir != NULL)
+            free(subdir);
+     }
+     dir_close(dirp);
+ #endif
--- a/boinc-client.changes
+++ b/boinc-client.changes
@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Mon May 16 18:49:58 CEST 2011 - pth@suse.de
+
+- Avoid buffer overflow in filesys.cpp(dir_size).
+
 -------------------------------------------------------------------
 Sun May  1 23:27:45 UTC 2011 - chris@computersalat.de

--- a/boinc-client.spec
+++ b/boinc-client.spec
@ -63,6 +63,8 @@ Patch4:         boinc-docbook2x.patch
 Patch5:         boinc-server.patch
 # PATCH-FIX-OPENSUSE saigkill@opensuse.org adds define HAVE_STRCASESRTR
 Patch6:         boinc-client-str_util.patch
+# PATCH-FIX-OPENSUSE pth@suse.de use asprintf to fix buffer overflow
+Patch7:         boinc-client-dynamic_buffers.patch
 #
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build

@ -180,6 +182,7 @@ This package contains documentation files for %{name}.
 %patch4
 %patch5
 %patch6
+%patch7

 # Install user hints
 %{__install} -m0644 %{S:3} README.SUSE