From 9d39d84eb4c07edc0776ad801763a334f93017f9 Mon Sep 17 00:00:00 2001
From: Nikola Pajkovsky
Date: Thu, 16 Jul 2009 10:28:09 +0000
Subject: [PATCH] fix buffer overflow
---
cdrkit-1.1.9-buffer_overflow.patch | 67 ++++++++++++++++++++++++++++++
cdrkit.spec | 13 ++++--
2 files changed, 77 insertions(+), 3 deletions(-)
create mode 100644 cdrkit-1.1.9-buffer_overflow.patch
diff --git a/cdrkit-1.1.9-buffer_overflow.patch b/cdrkit-1.1.9-buffer_overflow.patch
new file mode 100644
index 0000000..8ecb270
--- /dev/null
+++ b/cdrkit-1.1.9-buffer_overflow.patch
@@ -0,0 +1,67 @@
+Pouze v master-1.1.9/wodim: isosize.c.werror
+diff -ru origin-1.1.9/wodim/scsi_cdr.c master-1.1.9/wodim/scsi_cdr.c
+--- origin-1.1.9/wodim/scsi_cdr.c 2008-02-25 12:14:07.000000000 +0100
++++ master-1.1.9/wodim/scsi_cdr.c 2009-07-16 12:01:29.000000000 +0200
+@@ -2181,26 +2181,30 @@
+ if (inq->add_len == 0) {
+ if (usalp->dev == DEV_UNKNOWN && got_inquiry) {
+ usalp->dev = DEV_ACB5500;
+- strcpy(inq->vendor_info,
+- "ADAPTEC ACB-5500 FAKE");
++ strncpy(inq->vendor_info, "ADAPTEC ", 8);
++ strncpy(inq->prod_ident,"ACB-5500 ", 16);
++ strncpy(inq->prod_revision, "FAKE", 4);
+
+ } else switch (usalp->dev) {
+-
+ case DEV_ACB40X0:
+- strcpy(inq->vendor_info,
+- "ADAPTEC ACB-40X0 FAKE");
++ strncpy(inq->vendor_info, "ADAPTEC ", 8);
++ strncpy(inq->prod_ident, "ACB-40X0 ",16);
++ strncpy(inq->prod_revision, "FAKE", 4);
+ break;
+ case DEV_ACB4000:
+- strcpy(inq->vendor_info,
+- "ADAPTEC ACB-4000 FAKE");
++ strncpy(inq->vendor_info, "ADAPTEC ",8);
++ strncpy(inq->prod_ident, "ACB-4000 ",16);
++ strncpy(inq->prod_revision, "FAKE",4);
+ break;
+ case DEV_ACB4010:
+- strcpy(inq->vendor_info,
+- "ADAPTEC ACB-4010 FAKE");
++ strncpy(inq->vendor_info, "ADAPTEC ",8);
++ strncpy(inq->prod_ident, "ACB-4010 ",16);
++ strncpy(inq->prod_revision, "FAKE",4);
+ break;
+ case DEV_ACB4070:
+- strcpy(inq->vendor_info,
+- "ADAPTEC ACB-4070 FAKE");
++ strncpy(inq->vendor_info,"ADAPTEC ",8);
++ strncpy(inq->prod_ident, "ACB-4070 ", 16);
++ strncpy(inq->prod_revision, "FAKE",4 );
+ break;
+ }
+ } else if (inq->add_len < 31) {
+@@ -2230,14 +2234,16 @@
+
+ case INQ_SEQD:
+ if (usalp->dev == DEV_SC4000) {
+- strcpy(inq->vendor_info,
+- "SYSGEN SC4000 FAKE");
++ strncpy(inq->vendor_info,"SYSGEN ",8);
++ strncpy(inq->prod_ident, "SC4000 ",16);
++ strncpy(inq->prod_revision, "FAKE",4);
+ } else if (inq->add_len == 0 &&
+ inq->removable &&
+ inq->ansi_version == 1) {
+ usalp->dev = DEV_MT02;
+- strcpy(inq->vendor_info,
+- "EMULEX MT02 FAKE");
++ strncpy(inq->vendor_info,"EMULEX ",8);
++ strncpy(inq->prod_ident, "MT02 ",16); ++ strncpy(inq->prod_revision, "FAKE",4); + } + break; + diff --git a/cdrkit.spec b/cdrkit.spec index bfded5f..d1a6a50 100644 --- a/cdrkit.spec +++ b/cdrkit.spec @@ -1,7 +1,7 @@ Summary: A collection of CD/DVD utilities Name: cdrkit Version: 1.1.9 -Release: 7%{?dist} +Release: 8%{?dist} License: GPLv2 Group: Applications/System URL: http://cdrkit.org/ @@ -11,6 +11,7 @@ Patch1: cdrkit-1.1.8-werror.patch Patch2: cdrkit-1.1.9-efi-boot.patch Patch3: cdrkit-1.1.9-types.patch Patch4: cdrkit-1.1.9-no_mp3.patch +Patch5: cdrkit-1.1.9-buffer_overflow.patch BuildRequires: cmake libcap-devel zlib-devel perl file-devel bzip2-devel @@ -84,6 +85,7 @@ rates. Icedax can also be used as a CD player. %patch2 -p1 -b .efi %patch3 -p1 -b .types %patch4 -p1 -b .no_mp3 +%patch5 -p1 -b .buffer_overflow find . -type f -print0 | xargs -0 perl -pi -e 's#/usr/local/bin/perl#/usr/bin/perl#g' find doc -type f -print0 | xargs -0 chmod a-x @@ -97,8 +99,10 @@ export CXXFLAGS="$CFLAGS" export FFLAGS="$CFLAGS" cmake .. \ -DCMAKE_INSTALL_PREFIX:PATH=%{_prefix} \ - -DBUILD_SHARED_LIBS:BOOL=ON -make VERBOSE=1 %{?_smp_mflags} + -DBUILD_SHARED_LIBS:BOOL=ON \ + --debug-output \ + --trace +make VERBOSE=2 %{?_smp_mflags} %install rm -rf $RPM_BUILD_ROOT @@ -226,6 +230,9 @@ fi %{_mandir}/man1/dirsplit.* %changelog +* Thu Jul 16 2009 Nikola Pajkovsky 1.1.9-8 +- fix buffer overflow + * Fri Jul 10 2009 Adam Jackson 1.1.9-7 - Move dirsplit to a subpackage to isolate the perl dependency.
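Review bot: The new strncpy() calls in both scsi_cdr.c hunks hard-code the widths 8, 16 and 4, so the bound no longer follows the struct if a field ever changes; assuming vendor_info, prod_ident and prod_revision are char arrays (the struct is declared outside these hunks, as is the enclosing function), `strncpy(inq->vendor_info, "ADAPTEC ", sizeof(inq->vendor_info));` ties each copy to its destination. The fields are now left without a terminating NUL ("FAKE" fills prod_revision exactly), so any reader that prints them needs a bounded format such as `%.4s`, and a comment `/* fixed-width INQUIRY fields, not NUL-terminated */` above the first triple would record that. strncpy() also pads a short literal with NUL bytes rather than spaces, so the product strings should be padded to the full 16 characters if consumers expect space padding, which cannot be confirmed from this rendering. The leading `Pouze v … isosize.c.werror` line is leftover `diff -ru` output and can be dropped from the patch file.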
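Review bot: The `--debug-output` and `--trace` options added to the cmake call in the build hunk of cdrkit.spec, together with the change to `make VERBOSE=2`, are unrelated to the overflow fix and look like leftover debugging. They make every package build emit a full CMake trace, which is likely to bury compiler warnings in the build log, including the kind that would flag a similar unbounded copy. I would drop them from this commit so the security fix stays minimal and easy to backport, keeping `-DBUILD_SHARED_LIBS:BOOL=ON` as the last cmake argument and `make VERBOSE=1 %{?_smp_mflags}`.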