pool/logrotate
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6691855738
logrotate/logrotate-CVE-2011-1155.patch
Cristian Rodríguez ad349c46b4 Accepting request 70307 from home:puzel:branches:Base:System 
- add logrotate-CVE-2011-1098.patch (bnc#677336)
- add logrotate-shred-CVE-2011-1154.patch (bnc#679661)
- add logrotate-CVE-2011-1155.patch (bnc#679662)

OBS-URL: https://build.opensuse.org/request/show/70307
OBS-URL: https://build.opensuse.org/package/show/Base:System/logrotate?expand=0&rev=12
2011-05-18 17:37:01 +00:00

97 lines
2.0 KiB
Diff
Raw Blame History

Index: logrotate.c
===================================================================
--- logrotate.c.orig
+++ logrotate.c
@@ -36,6 +36,12 @@ int selinux_enforce = 0;
#define GLOB_ABORTED GLOB_ABEND
#endif
+#ifdef PATH_MAX
+#define STATEFILE_BUFFER_SIZE 2 * PATH_MAX + 16
+#else
+#define STATEFILE_BUFFER_SIZE 4096
+#endif
+
struct logState {
char *fn;
struct tm lastRotated; /* only tm.mon, tm_mday, tm_year are good! */
@@ -82,6 +88,34 @@ static int globerr(const char *pathname,
return 1;
}
+static void unescape(char *arg)
+{
+ char *p = arg;
+ char *next;
+ char escaped;
+ while ((next = strchr(p, '\\')) != NULL) {
+
+ p = next;
+
+ switch (p[1]) {
+ case 'n':
+ escaped = '\n';
+ break;
+ case '\\':
+ escaped = '\\';
+ break;
+ default:
+ ++p;
+ continue;
+ }
+
+ /* Overwrite the backslash with the intended character,
+ * and shift everything down one */
+ *p++ = escaped;
+ memmove(p, p+1, 1 + strlen(p+1));
+ }
+}
+
#define HASH_SIZE_MIN 64
static int allocateHash(void)
{
@@ -1467,7 +1501,13 @@ static int writeState(char *stateFilenam
for (chptr = p->fn; *chptr; chptr++) {
switch (*chptr) {
case '"':
+ case '\\':
fputc('\\', f);
+ break;
+ case '\n':
+ fputc('\\', f);
+ fputc('n', f);
+ continue;
}
fputc(*chptr, f);
@@ -1488,7 +1528,8 @@ static int writeState(char *stateFilenam
static int readState(char *stateFilename)
{
FILE *f;
- char buf[1024];
+ char buf[STATEFILE_BUFFER_SIZE];
+ char *filename;
const char **argv;
int argc;
int year, month, day;
@@ -1599,7 +1640,10 @@ static int readState(char *stateFilename
year -= 1900, month -= 1;
- if ((st = findState(argv[0])) == NULL)
+ filename = strdup(argv[0]);
+ unescape(filename);
+
+ if ((st = findState(filename)) == NULL)
return 1;
st->lastRotated.tm_mon = month;
@@ -1611,6 +1655,7 @@ static int readState(char *stateFilename
st->lastRotated = *localtime(&lr_time);
free(argv);
+ free(filename);
}
fclose(f);
Reference in New Issue View Git Blame Copy Permalink