Use vsnprintf instead of vsprintf to avoid buffer overflow

2013-12-12 15:25:24 +01:00 · 2013-12-12 15:25:24 +01:00 · 7005ff5330
commit 7005ff5330
parent 01ceaa5909
2 changed files with 47 additions and 1 deletions
--- a/expect-5.45-exp-log-buf-overflow.patch
+++ b/expect-5.45-exp-log-buf-overflow.patch
@ -0,0 +1,39 @@
+diff -up expect5.45/exp_log.c.orig expect5.45/exp_log.c
+--- expect5.45/exp_log.c.orig	2013-12-12 12:43:38.527854189 +0100
+++ expect5.45/exp_log.c	2013-12-12 12:49:26.866576387 +0100
+@@ -176,7 +176,7 @@ expStdoutLog TCL_VARARGS_DEF(int,arg1)
+ 
+     if ((!tsdPtr->logUser) && (!force_stdout) && (!tsdPtr->logAll)) return;
+ 
+-    (void) vsprintf(bigbuf,fmt,args);
+    (void) vsnprintf(bigbuf,sizeof(bigbuf),fmt,args);
+     expDiagWriteBytes(bigbuf,-1);
+     if (tsdPtr->logAll || (LOGUSER && tsdPtr->logChannel)) Tcl_WriteChars(tsdPtr->logChannel,bigbuf,-1);
+     if (LOGUSER) fprintf(stdout,"%s",bigbuf);
+@@ -222,7 +222,7 @@ expErrorLog TCL_VARARGS_DEF(char *,arg1)
+     va_list args;
+ 
+     fmt = TCL_VARARGS_START(char *,arg1,args);
+-    (void) vsprintf(bigbuf,fmt,args);
+    (void) vsnprintf(bigbuf,sizeof(bigbuf),fmt,args);
+ 
+     expDiagWriteChars(bigbuf,-1);
+     fprintf(stderr,"%s",bigbuf);
+@@ -264,7 +264,7 @@ expDiagLog TCL_VARARGS_DEF(char *,arg1)
+ 
+     fmt = TCL_VARARGS_START(char *,arg1,args);
+ 
+-    (void) vsprintf(bigbuf,fmt,args);
+    (void) vsnprintf(bigbuf,sizeof(bigbuf),fmt,args);
+ 
+     expDiagWriteBytes(bigbuf,-1);
+     if (tsdPtr->diagToStderr) {
+@@ -307,7 +307,7 @@ expPrintf TCL_VARARGS_DEF(char *,arg1)
+   int len, rc;
+ 
+   fmt = TCL_VARARGS_START(char *,arg1,args);
+-  len = vsprintf(bigbuf,arg1,args);
+  len = vsnprintf(bigbuf,sizeof(bigbuf),arg1,args);
+  retry:
+   rc = write(2,bigbuf,len);
+   if ((rc == -1) && (errno == EAGAIN)) goto retry;
--- a/expect.spec
+++ b/expect.spec
@ -5,7 +5,7 @@
 Summary: A program-script interaction and testing utility
 Name: expect
 Version: %{majorver}
-Release: 12%{?dist}
+Release: 13%{?dist}
 License: Public Domain
 Group: Development/Languages
 # URL: probably more useful is http://sourceforge.net/projects/expect/
@ -23,6 +23,8 @@ Patch2: expect-5.45-man-page.patch
 Patch3: expect-5.45-match-gt-numchars-segfault.patch
 # Patch4: fixes memory leak when using -re, http://sourceforge.net/p/expect/patches/13/
 Patch4: expect-5.45-re-memleak.patch
+# Patch5: use vsnprintf instead of vsprintf to avoid buffer overflow
+Patch5: expect-5.45-exp-log-buf-overflow.patch
 # examples patches
 # Patch100: changes random function
 Patch100: expect-5.32.2-random.patch
@ -81,6 +83,7 @@ of expectk.
 %patch2 -p1 -b .man-page
 %patch3 -p1 -b .match-gt-numchars-segfault
 %patch4 -p1 -b .re-memleak
+%patch5 -p1 -b .exp-log-buf-overflow
 # examples fixes
 %patch100 -p1 -b .random
 %patch101 -p1 -b .mkpasswd-dash
@ -170,6 +173,10 @@ rm -rf "$RPM_BUILD_ROOT"
 %{_mandir}/man1/tknewsbiff.1*

 %changelog
+* Thu Dec 12 2013 Vitezslav Crhonek <vcrhonek@redhat.com> - 5.45-13
+- Use vsnprintf instead of vsprintf to avoid buffer overflow
+  (it happens e.g. when running systemtap testsuite)
+
 * Wed Oct 02 2013 Vitezslav Crhonek <vcrhonek@redhat.com> - 5.45-12
 - Fix memory leak when using -re option