Attachment 26612 Details for Bug 63576

Security update for file-3.37

file-3.37-security.dif (text/plain), 1.57 KB, created by Dr. Werner Fink on 2004-12-01 01:48:39 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Dr. Werner Fink

Created: 2004-12-01 01:48:39 UTC

Size: 1.57 KB

patch

obsolete

>--- readelf.c
>+++ readelf.c	Tue Nov 30 17:36:52 2004
>@@ -113,6 +113,9 @@
> #define ph_offset	(class == ELFCLASS32		\
> 			 ? getu32(swap, ph32.p_offset)	\
> 			 : getu64(swap, ph64.p_offset))
>+#define ph_filesz	(class == ELFCLASS32		\
>+			 ? getu32(swap, ph32.p_filesz)	\
>+			 : getu64(swap, ph64.p_filesz))
> #define nh_size		(class == ELFCLASS32		\
> 			 ? sizeof *nh32			\
> 			 : sizeof *nh64)
>@@ -268,7 +271,7 @@
> 		 */
> 		if (lseek(fd, (off_t) ph_offset, SEEK_SET) == -1)
> 			error("lseek failed (%s).\n", strerror(errno));
>-		bufsize = read(fd, nbuf, BUFSIZ);
>+		bufsize = read(fd, nbuf, ((ph_filesz < BUFSIZ) ? ph_filesz : BUFSIZ));
> 		if (bufsize == -1)
> 			error(": " "read failed (%s).\n", strerror(errno));
> 		offset = 0;
>--- softmagic.c
>+++ softmagic.c	Tue Nov 30 17:39:06 2004
>@@ -387,27 +387,27 @@
> 		return 1;
> 	case STRING:
> 		{
>-			int n;
>+			size_t len;
> 
> 			/* Null terminate and eat *trailing* return */
> 			p->s[sizeof(p->s) - 1] = '\0';
>-			n = strlen(p->s) - 1;
>-			if (p->s[n] == '\n')
>-				p->s[n] = '\0';
>+			len = strlen(p->s);
>+			if (len-- && p->s[len] == '\n')
>+				p->s[len] = '\0';
> 			return 1;
> 		}
> 	case PSTRING:
> 		{
> 			char *ptr1 = p->s, *ptr2 = ptr1 + 1;
>-			int n = *p->s;
>-			if (n >= sizeof(p->s))
>-				n = sizeof(p->s) - 1;
>-			while (n--)
>+			size_t len = *p->s;
>+			if (len >= sizeof(p->s))
>+				len = sizeof(p->s) - 1;
>+			while (len--)
> 				*ptr1++ = *ptr2++;
> 			*ptr1 = '\0';
>-			n = strlen(p->s) - 1;
>-			if (p->s[n] == '\n')
>-				p->s[n] = '\0';
>+			len = strlen(p->s);
>+			if (len-- && p->s[len] == '\n')
>+				p->s[len] = '\0';
> 			return 1;
> 		}
> 	case BESHORT:

Actions: View

Attachments on bug 63576: 26516 | 26576 | 26577 | 26580 | 26581 | 26582 | 26583 | 26584 | 26602 | 26612 | 26613 | 26614 | 26615