fix buffer overflow, bug 768803

Signed-off-by: Anton Arapov <anton@redhat.com>

microcode_ctl-1.17-getopt.patch

@@ -0,0 +1,23 @@
+diff -up microcode_ctl-1.17/microcode_ctl.c.getopt microcode_ctl-1.17/microcode_ctl.c
+--- microcode_ctl-1.17/microcode_ctl.c.getopt	2011-12-22 13:15:55.073783568 +0100
++++ microcode_ctl-1.17/microcode_ctl.c	2011-12-22 13:14:22.000000000 +0100
+@@ -151,7 +151,8 @@ int main(int argc, char *argv[])
+ 				break;
+ 
+ 			case 'd':
+-				strcpy(device, optarg);
++				strncpy(device, optarg, sizeof(device));
++				device[sizeof(device)-1] = '\0'; /* ensure null terminated */
+ 				break;
+ 
+ 			case 'u': /* do a microcode upload */
+@@ -160,7 +161,8 @@ int main(int argc, char *argv[])
+ 
+ 			case 'f': /* set microcode file to optarg and upload */
+ 				upload++;
+-				strcpy(filename, optarg);
++				strncpy(filename, optarg, sizeof(filename));
++				filename[sizeof(filename)-1] = '\0'; /* ensure null terminated */
+ 				break;
+ 
+ 			case '?':

microcode_ctl.spec

@@ -1,7 +1,7 @@
 Summary:        Tool to update x86/x86-64 CPU microcode.
 Name:           microcode_ctl
 Version:        1.17
-Release:        20%{?dist}
+Release:        21%{?dist}
 Epoch:          1
 Group:          System Environment/Base
 License:        GPLv2+ and Redistributable, no modification permitted
@@ -23,6 +23,7 @@ ExclusiveArch:  %{ix86} x86_64
 
 Patch1: microcode_ctl.patch
 Patch2: microcode_ctl-manpage-0.patch
+Patch3: microcode_ctl-1.17-getopt.patch
 
 %description
 microcode_ctl - updates the microcode on Intel and AMD x86/x86-64 CPU's
@@ -31,6 +32,7 @@ microcode_ctl - updates the microcode on Intel and AMD x86/x86-64 CPU's
 %setup -q
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1
 tar xf %{SOURCE3}
 
 %build
@@ -83,6 +85,9 @@ exit 0
 
 
 %changelog
+* Thu Dec 22 2011 Anton Arapov <anton@redhat.com> 1.17-21
+- Fix a segfault that may be triggered by very long parameter [#768803]
+
 * Tue Dec 13 2011 Anton Arapov <anton@redhat.com> 1.17-20
 - Update to microcode-20111110.dat