rpms/expect
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Use vsnprintf instead of vsprintf to avoid buffer overflow

Browse Source
This commit is contained in:
Vitezslav Crhonek 2013-12-12 15:25:24 +01:00
parent 01ceaa5909
commit 7005ff5330
2 changed files with 47 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
expect-5.45-exp-log-buf-overflow.patch Normal file
View File

@ -0,0 +1,39 @@
diff -up expect5.45/exp_log.c.orig expect5.45/exp_log.c
--- expect5.45/exp_log.c.orig 2013-12-12 12:43:38.527854189 +0100
+++ expect5.45/exp_log.c 2013-12-12 12:49:26.866576387 +0100
@@ -176,7 +176,7 @@ expStdoutLog TCL_VARARGS_DEF(int,arg1)
if ((!tsdPtr->logUser) && (!force_stdout) && (!tsdPtr->logAll)) return;
- (void) vsprintf(bigbuf,fmt,args);
+ (void) vsnprintf(bigbuf,sizeof(bigbuf),fmt,args);
expDiagWriteBytes(bigbuf,-1);
if (tsdPtr->logAll || (LOGUSER && tsdPtr->logChannel)) Tcl_WriteChars(tsdPtr->logChannel,bigbuf,-1);
if (LOGUSER) fprintf(stdout,"%s",bigbuf);
@@ -222,7 +222,7 @@ expErrorLog TCL_VARARGS_DEF(char *,arg1)
va_list args;
fmt = TCL_VARARGS_START(char *,arg1,args);
- (void) vsprintf(bigbuf,fmt,args);
+ (void) vsnprintf(bigbuf,sizeof(bigbuf),fmt,args);
expDiagWriteChars(bigbuf,-1);
fprintf(stderr,"%s",bigbuf);
@@ -264,7 +264,7 @@ expDiagLog TCL_VARARGS_DEF(char *,arg1)
fmt = TCL_VARARGS_START(char *,arg1,args);
- (void) vsprintf(bigbuf,fmt,args);
+ (void) vsnprintf(bigbuf,sizeof(bigbuf),fmt,args);
expDiagWriteBytes(bigbuf,-1);
if (tsdPtr->diagToStderr) {
@@ -307,7 +307,7 @@ expPrintf TCL_VARARGS_DEF(char *,arg1)
int len, rc;
fmt = TCL_VARARGS_START(char *,arg1,args);
- len = vsprintf(bigbuf,arg1,args);
+ len = vsnprintf(bigbuf,sizeof(bigbuf),arg1,args);
retry:
rc = write(2,bigbuf,len);
if ((rc == -1) && (errno == EAGAIN)) goto retry;

9
expect.spec
View File

@ -5,7 +5,7 @@
Summary: A program-script interaction and testing utility Summary: A program-script interaction and testing utility
Name: expect Name: expect
Version: %{majorver} Version: %{majorver}
Release: 12%{?dist} Release: 13%{?dist}
License: Public Domain License: Public Domain
Group: Development/Languages Group: Development/Languages
# URL: probably more useful is http://sourceforge.net/projects/expect/ # URL: probably more useful is http://sourceforge.net/projects/expect/
@ -23,6 +23,8 @@ Patch2: expect-5.45-man-page.patch
Patch3: expect-5.45-match-gt-numchars-segfault.patch Patch3: expect-5.45-match-gt-numchars-segfault.patch
# Patch4: fixes memory leak when using -re, http://sourceforge.net/p/expect/patches/13/ # Patch4: fixes memory leak when using -re, http://sourceforge.net/p/expect/patches/13/
Patch4: expect-5.45-re-memleak.patch Patch4: expect-5.45-re-memleak.patch
# Patch5: use vsnprintf instead of vsprintf to avoid buffer overflow
Patch5: expect-5.45-exp-log-buf-overflow.patch
# examples patches # examples patches
# Patch100: changes random function # Patch100: changes random function
Patch100: expect-5.32.2-random.patch Patch100: expect-5.32.2-random.patch
@ -81,6 +83,7 @@ of expectk.
%patch2 -p1 -b .man-page %patch2 -p1 -b .man-page
%patch3 -p1 -b .match-gt-numchars-segfault %patch3 -p1 -b .match-gt-numchars-segfault
%patch4 -p1 -b .re-memleak %patch4 -p1 -b .re-memleak
%patch5 -p1 -b .exp-log-buf-overflow
# examples fixes # examples fixes
%patch100 -p1 -b .random %patch100 -p1 -b .random
%patch101 -p1 -b .mkpasswd-dash %patch101 -p1 -b .mkpasswd-dash
@ -170,6 +173,10 @@ rm -rf "$RPM_BUILD_ROOT"
%{_mandir}/man1/tknewsbiff.1* %{_mandir}/man1/tknewsbiff.1*
%changelog %changelog
* Thu Dec 12 2013 Vitezslav Crhonek <vcrhonek@redhat.com> - 5.45-13
- Use vsnprintf instead of vsprintf to avoid buffer overflow
(it happens e.g. when running systemtap testsuite)
* Wed Oct 02 2013 Vitezslav Crhonek <vcrhonek@redhat.com> - 5.45-12 * Wed Oct 02 2013 Vitezslav Crhonek <vcrhonek@redhat.com> - 5.45-12
- Fix memory leak when using -re option - Fix memory leak when using -re option