OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libcdio?expand=0&rev=3

2008-03-11 17:50:24 +00:00 · 2008-03-11 17:50:24 +00:00 · 3f91d1ab40
commit 3f91d1ab40
parent d3a859f662
5 changed files with 201 additions and 2 deletions
--- a/libcdio-0.78.2-check-returns.patch
+++ b/libcdio-0.78.2-check-returns.patch
@ -0,0 +1,175 @@
+--- libcdio-0.78.2/lib/iso9660/iso9660_fs.c
+++ libcdio-0.78.2/lib/iso9660/iso9660_fs.c
+@@ -745,6 +745,11 @@ _iso9660_dir_to_statbuf (iso9660_dir_t *p_iso9660_dir, bool_3way_t b_xa,
+   stat_len      = sizeof(iso9660_stat_t)+i_fname+2;
+ 
+   p_stat          = calloc(1, stat_len);
+  if (!p_stat)
+    {
+    cdio_warn("Couldn't calloc(1, %d)", stat_len);
+    return NULL;
+    }
+   p_stat->type    = (p_iso9660_dir->file_flags & ISO_DIRECTORY) 
+     ? _STAT_DIR : _STAT_FILE;
+   p_stat->lsn     = from_733 (p_iso9660_dir->extent);
+@@ -768,6 +773,11 @@ _iso9660_dir_to_statbuf (iso9660_dir_t *p_iso9660_dir, bool_3way_t b_xa,
+ 	/* realloc gives valgrind errors */
+ 	iso9660_stat_t *p_stat_new = 
+ 	  calloc(1, sizeof(iso9660_stat_t)+i_rr_fname+2);
+        if (!p_stat_new)
+          {
+          cdio_warn("Couldn't calloc(1, %d)", sizeof(iso9660_stat_t)+i_rr_fname+2);
+          return NULL;
+          }
+ 	memcpy(p_stat_new, p_stat, stat_len);
+ 	free(p_stat);
+ 	p_stat = p_stat_new;
+@@ -782,11 +792,14 @@ _iso9660_dir_to_statbuf (iso9660_dir_t *p_iso9660_dir, bool_3way_t b_xa,
+       else if (i_joliet_level) {
+ 	int i_inlen = i_fname;
+ 	cdio_utf8_t *p_psz_out = NULL;
+-	cdio_charset_to_utf8(p_iso9660_dir->filename, i_inlen,
+-                             &p_psz_out, "UCS-2BE");
+-        
+-	strncpy(p_stat->filename, p_psz_out, i_fname);
+-	free(p_psz_out);
+	if (cdio_charset_to_utf8(p_iso9660_dir->filename, i_inlen,
+                             &p_psz_out, "UCS-2BE")) {
+          strncpy(p_stat->filename, p_psz_out, i_fname);
+          free(p_psz_out);
+        }
+        else {
+          return NULL;
+        }
+       }
+ #endif /*HAVE_JOLIET*/
+       else {
+@@ -957,6 +970,11 @@ _fs_stat_traverse (const CdIo_t *p_cdio, const iso9660_stat_t *_root,
+     {
+       unsigned int len=sizeof(iso9660_stat_t) + strlen(_root->filename)+1;
+       p_stat = calloc(1, len);
+      if (!p_stat)
+        {
+        cdio_warn("Couldn't calloc(1, %d)", len);
+        return NULL;
+        }
+       memcpy(p_stat, _root, len);
+       return p_stat;
+     }
+@@ -974,6 +992,11 @@ _fs_stat_traverse (const CdIo_t *p_cdio, const iso9660_stat_t *_root,
+     }
+   
+   _dirbuf = calloc(1, _root->secsize * ISO_BLOCKSIZE);
+  if (!p_stat)
+    {
+    cdio_warn("Couldn't calloc(1, %d)", _root->secsize * ISO_BLOCKSIZE);
+    return NULL;
+    }
+ 
+   if (cdio_read_data_sectors (p_cdio, _dirbuf, _root->lsn, ISO_BLOCKSIZE, 
+ 			      _root->secsize))
+@@ -1050,6 +1073,11 @@ _fs_iso_stat_traverse (iso9660_t *p_iso, const iso9660_stat_t *_root,
+       iso9660_stat_t *p_stat;
+       unsigned int len=sizeof(iso9660_stat_t) + strlen(_root->filename)+1;
+       p_stat = calloc(1, len);
+      if (!p_stat)
+        {
+        cdio_warn("Couldn't calloc(1, %d)", len);
+        return NULL;
+        }
+       memcpy(p_stat, _root, len);
+       return p_stat;
+     }
+@@ -1067,6 +1095,11 @@ _fs_iso_stat_traverse (iso9660_t *p_iso, const iso9660_stat_t *_root,
+     }
+   
+   _dirbuf = calloc(1, _root->secsize * ISO_BLOCKSIZE);
+  if (!_dirbuf)
+    {
+    cdio_warn("Couldn't calloc(1, %d)", _root->secsize * ISO_BLOCKSIZE);
+    return NULL;
+    }
+ 
+   ret = iso9660_iso_seek_read (p_iso, _dirbuf, _root->lsn, _root->secsize);
+   if (ret!=ISO_BLOCKSIZE*_root->secsize) return NULL;
+@@ -1269,6 +1302,11 @@ iso9660_fs_readdir (CdIo_t *p_cdio, const char psz_path[], bool b_mode2)
+       }
+ 
+     _dirbuf = calloc(1, p_stat->secsize * ISO_BLOCKSIZE);
+    if (!_dirbuf)
+      {
+      cdio_warn("Couldn't calloc(1, %d)", p_stat->secsize * ISO_BLOCKSIZE);
+      return NULL;
+      }
+ 
+     if (cdio_read_data_sectors (p_cdio, _dirbuf, p_stat->lsn, 
+ 				ISO_BLOCKSIZE, p_stat->secsize))
+@@ -1335,6 +1373,11 @@ iso9660_ifs_readdir (iso9660_t *p_iso, const char psz_path[])
+       }
+ 
+     _dirbuf = calloc(1, p_stat->secsize * ISO_BLOCKSIZE);
+    if (!_dirbuf)
+      {
+        cdio_warn("Couldn't calloc(1, %d)", p_stat->secsize * ISO_BLOCKSIZE);
+        return NULL;
+      }
+ 
+     ret = iso9660_iso_seek_read (p_iso, _dirbuf, p_stat->lsn, p_stat->secsize);
+     if (ret != ISO_BLOCKSIZE*p_stat->secsize) return NULL;
+@@ -1399,6 +1442,11 @@ find_fs_lsn_recurse (CdIo_t *p_cdio, const char psz_path[], lsn_t lsn)
+       if (statbuf->lsn == lsn) {
+ 	unsigned int len=sizeof(iso9660_stat_t)+strlen(statbuf->filename)+1;
+ 	iso9660_stat_t *ret_stat = calloc(1, len);
+	if (!ret_stat)
+	  {
+          cdio_warn("Couldn't calloc(1, %d)", len);
+          return NULL;
+	  }
+ 	memcpy(ret_stat, statbuf, len);
+         _cdio_list_free (entlist, true);
+         _cdio_list_free (dirlist, true);
+@@ -1453,6 +1501,11 @@ find_ifs_lsn_recurse (iso9660_t *p_iso, const char psz_path[], lsn_t lsn)
+       if (statbuf->lsn == lsn) {
+ 	unsigned int len=sizeof(iso9660_stat_t)+strlen(statbuf->filename)+1;
+ 	iso9660_stat_t *ret_stat = calloc(1, len);
+	if (!ret_stat)
+	  {
+          cdio_warn("Couldn't calloc(1, %d)", len);
+          return NULL;
+	  }
+ 	memcpy(ret_stat, statbuf, len);
+         _cdio_list_free (entlist, true);
+         _cdio_list_free (dirlist, true);
+--- libcdio-0.78.2/lib/driver/utf8.c
+++ libcdio-0.78.2/lib/driver/utf8.c
+@@ -120,6 +120,11 @@ do_convert(iconv_t cd, char * src, int src_len,
+   outbytesleft = alloc_size-1;
+ 
+   ret    = malloc(alloc_size);
+  if (ret == NULL)
+    {
+    fprintf(stderr, "Can't malloc(%d).\n", alloc_size);
+    return false;
+    }
+ 
+   inbuf  = src;
+   outbuf = ret;
+@@ -139,11 +144,17 @@ do_convert(iconv_t cd, char * src, int src_len,
+           outbytesleft += BYTES_INCREMENT;
+ 
+           ret = realloc(ret, alloc_size);
+          if (ret == NULL)
+            {
+            fprintf(stderr, "Can't realloc(%d).\n", alloc_size);
+            return false;
+            }
+           outbuf = ret + output_pos;
+           break;
+         default:
+           fprintf(stderr, "Iconv failed: %s\n", strerror(errno));
+-          free(ret);
+          if (ret != NULL)
+            free(ret);
+           return false;
+           break;
+         }
--- a/libcdio-mini.changes
+++ b/libcdio-mini.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Feb 27 18:59:31 CET 2008 - sbrabec@suse.cz
+
+- Fixed more possible memory allocation buffer overflows
+  (bnc#351127).
+
 -------------------------------------------------------------------
 Wed Jan  9 17:52:24 CET 2008 - sbrabec@suse.cz

--- a/libcdio-mini.spec
+++ b/libcdio-mini.spec
@ -10,6 +10,7 @@

 # norootforbuild

+
 Name:           libcdio-mini
 # WARNING: Do not edit this auto generated file.
 #%(sh %{_sourcedir}/libcdio_spec-prepare.sh %{_sourcedir} %{name})
@ -23,7 +24,7 @@ BuildRequires:  libcddb-devel libcdio-devel ncurses-devel vcdimager-devel
 #BuildRequires:  cdparanoia
 %endif
 Version:        0.79
-Release:        4
+Release:        5
 # WARNING: After changing versions please call Re or rpmbuild to auto-update spec file:
 %define libcdio_name 7
 %define libcdio_paranoia_name 0
@ -45,6 +46,7 @@ Provides:       %{_name} = %{version}
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 Patch0:         libcdio-gcc43.patch
 Patch1:         libcdio-joliet-name-overflow.patch
+Patch2:         libcdio-0.78.2-check-returns.patch

 %description
 This library encapsulates CD-ROM reading and control. Applications
@ -199,6 +201,7 @@ Authors:
 %setup -q -n %{_name}-%{version}
 %patch0
 %patch1
+%patch2 -p1

 %build
 %configure --disable-static --with-pic
@ -297,6 +300,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/pkgconfig/*.pc

 %changelog
+* Wed Feb 27 2008 sbrabec@suse.cz
+- Fixed more possible memory allocation buffer overflows
+  (bnc#351127).
 * Wed Jan 09 2008 sbrabec@suse.cz
 - Fixed buffer overflows for long Joliet names (#351127).
 * Wed Dec 05 2007 ro@suse.de
--- a/libcdio.changes
+++ b/libcdio.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Feb 27 18:59:31 CET 2008 - sbrabec@suse.cz
+
+- Fixed more possible memory allocation buffer overflows
+  (bnc#351127).
+
 -------------------------------------------------------------------
 Wed Jan  9 17:52:24 CET 2008 - sbrabec@suse.cz

--- a/libcdio.spec
+++ b/libcdio.spec
@ -10,6 +10,7 @@

 # norootforbuild

+
 Name:           libcdio
 # WARNING: After editing this file please call Re or rpmbuild to update spec file:
 #%(sh %{_sourcedir}/libcdio_spec-prepare.sh %{_sourcedir} %{name})
@ -23,7 +24,7 @@ BuildRequires:  libcddb-devel libcdio-devel ncurses-devel vcdimager-devel
 #BuildRequires:  cdparanoia
 %endif
 Version:        0.79
-Release:        4
+Release:        5
 # WARNING: After changing versions please call Re or rpmbuild to auto-update spec file:
 %define libcdio_name 7
 %define libcdio_paranoia_name 0
@ -45,6 +46,7 @@ Provides:       %{_name} = %{version}
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 Patch0:         libcdio-gcc43.patch
 Patch1:         libcdio-joliet-name-overflow.patch
+Patch2:         libcdio-0.78.2-check-returns.patch

 %description
 This library encapsulates CD-ROM reading and control. Applications
@ -198,6 +200,7 @@ Authors:
 %setup -q -n %{_name}-%{version}
 %patch0
 %patch1
+%patch2 -p1

 %build
 %configure --disable-static --with-pic
@ -296,6 +299,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/pkgconfig/*.pc

 %changelog
+* Wed Feb 27 2008 sbrabec@suse.cz
+- Fixed more possible memory allocation buffer overflows
+  (bnc#351127).
 * Wed Jan 09 2008 sbrabec@suse.cz
 - Fixed buffer overflows for long Joliet names (#351127).
 * Wed Dec 05 2007 ro@suse.de