From e88bd4605eb04ff16cda5b565ff424e8c9fd55be Mon Sep 17 00:00:00 2001
From: Adam Jackson
Date: Mon, 9 Jul 2007 18:00:30 +0000
Subject: [PATCH] - powertop-1.7-strncpy.patch: Use strncpy() to avoid stack smash. Patch from Till Maas. (#246796)
---
powertop-1.7-strncpy.patch | 78 ++++++++++++++++++++++++++++++++++++++
powertop.spec | 8 +++-
2 files changed, 85 insertions(+), 1 deletion(-)
create mode 100644 powertop-1.7-strncpy.patch
diff --git a/powertop-1.7-strncpy.patch b/powertop-1.7-strncpy.patch
new file mode 100644
index 0000000..921189e
--- /dev/null
+++ b/powertop-1.7-strncpy.patch
@@ -0,0 +1,78 @@
+diff -u powertop-1.7.orig/display.c powertop-1.7/display.c
+--- powertop-1.7.orig/display.c 2007-06-18 03:16:33.000000000 +0200
++++ powertop-1.7/display.c 2007-07-05 02:43:51.000000000 +0200
+@@ -44,7 +44,7 @@
+ static WINDOW *status_bar_window;
+
+
+-char status_bar_slots[10][40];
++char status_bar_slots[STATUS_BAR_NR_SLOTS][STATUS_BAR_SLOTSIZE + 1];
+
+ static void cleanup_curses(void) {
+ endwin();
+@@ -104,8 +104,8 @@
+ suggestion_window = subwin(stdscr, 3, maxx, maxy-4, 0);
+ status_bar_window = subwin(stdscr, 1, maxx, maxy-1, 0);
+
+- strcpy(status_bar_slots[0], _(" Q - Quit "));
+- strcpy(status_bar_slots[1], _(" R - Refresh "));
++ strncpy(status_bar_slots[0], _(" Q - Quit "), STATUS_BAR_SLOTSIZE);
++ strncpy(status_bar_slots[1], _(" R - Refresh "), STATUS_BAR_SLOTSIZE);
+
+ werase(stdscr);
+ refresh();
+@@ -148,7 +148,7 @@
+ werase(status_bar_window);
+
+ x = 0;
+- for (i=0; i<10; i++) {
++ for (i=0; i < STATUS_BAR_NR_SLOTS; i++) {
+ if (strlen(status_bar_slots[i])==0)
+ continue;
+ wattron(status_bar_window, A_REVERSE);
+Gemeinsame Unterverzeichnisse: powertop-1.7.orig/po und powertop-1.7/po.
+diff -u powertop-1.7.orig/powertop.h powertop-1.7/powertop.h
+--- powertop-1.7.orig/powertop.h 2007-06-17 08:21:37.000000000 +0200
++++ powertop-1.7/powertop.h 2007-07-05 02:39:53.000000000 +0200
+@@ -64,7 +64,10 @@
+ extern int topcstate;
+ extern int topfreq;
+
+-extern char status_bar_slots[10][40];
++#define STATUS_BAR_NR_SLOTS 10
++#define STATUS_BAR_SLOTSIZE 40
++char status_bar_slots[STATUS_BAR_NR_SLOTS][STATUS_BAR_SLOTSIZE + 1];
++
+ extern char suggestion_key;
+ extern suggestion_func *suggestion_activate;
+
+diff -u powertop-1.7.orig/suggestions.c powertop-1.7/suggestions.c
+--- powertop-1.7.orig/suggestions.c 2007-06-08 07:33:13.000000000 +0200
++++ powertop-1.7/suggestions.c 2007-07-05 02:42:59.000000000 +0200
+@@ -70,7 +70,7 @@
+ ptr = next;
+ }
+ suggestions = NULL;
+- strcpy(status_bar_slots[9],"");
++ strncpy(status_bar_slots[9], "", STATUS_BAR_SLOTSIZE);
+ suggestion_key = 255;
+ suggestion_activate = NULL;
+ total_weight = 0;
+@@ -103,7 +103,7 @@
+ int value, running = 0;
+ struct suggestion *ptr;
+
+- strcpy(status_bar_slots[9],"");
++ strncpy(status_bar_slots[9], "", STATUS_BAR_SLOTSIZE);
+ suggestion_key = 255;
+ suggestion_activate = NULL;
+
+@@ -119,7 +119,7 @@
+ running += ptr->weight;
+ if (running > value) {
+ if (ptr->keystring)
+- strcpy(status_bar_slots[9],ptr->keystring);
++ strncpy(status_bar_slots[9], ptr->keystring, STATUS_BAR_SLOTSIZE);
+ suggestion_key = ptr->key;
+ suggestion_activate = ptr->func;
+ show_suggestion(ptr->string);
diff --git a/powertop.spec b/powertop.spec
index fc2c3d5..65c3559 100644
--- a/powertop.spec
+++ b/powertop.spec
@@ -1,6 +1,6 @@ Name: powertop Version: 1.7 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Power consumption monitor Group: Applications/System
@@ -13,6 +13,7 @@ BuildRequires: gettext BuildRequires: ncurses-devel Patch0: powertop-1.7-less-gpm-slander-plz.patch +Patch1: powertop-1.7-strncpy.patch %description PowerTOP is a tool that finds the software component(s) that make your
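Review bot: In the powertop.h hunk of powertop-1.7-strncpy.patch the `extern` is dropped, so `char status_bar_slots[STATUS_BAR_NR_SLOTS][STATUS_BAR_SLOTSIZE + 1];` becomes a tentative definition in every file that includes the header, next to the definition display.c keeps; that links only where the toolchain merges common symbols (it fails with `-fno-common`), and the line should read `extern char status_bar_slots[STATUS_BAR_NR_SLOTS][STATUS_BAR_SLOTSIZE + 1];`. None of the `strncpy(..., STATUS_BAR_SLOTSIZE)` calls writes a terminator when the source is STATUS_BAR_SLOTSIZE bytes or longer; the slots stay NUL-terminated only because the array has static storage and byte STATUS_BAR_SLOTSIZE of each slot is never written by the visible code, so I would make that explicit with `status_bar_slots[9][STATUS_BAR_SLOTSIZE] = '\0';` after the `ptr->keystring` copy or a comment such as `/* +1: strncpy() leaves the last byte untouched, so it stays '\0' */` at the definition. Truncation is silent and can cut a translated `_()` string in the middle of a multi-byte character. The suggestions.c hunks still hard-code slot `9` where `STATUS_BAR_NR_SLOTS - 1` would follow the new macro, and the functions they touch begin and end outside the hunks, so other writers to the slots cannot be checked from here.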
@@ -21,6 +22,7 @@ computer use more power than necessary while it is idle. %prep %setup -q %patch0 -p1 -b .g-p-m +%patch1 -p1 -b .strncpy %build export CFLAGS="$RPM_OPT_FLAGS"
@@ -41,6 +43,10 @@ rm -rf $RPM_BUILD_ROOT %{_mandir}/man1/powertop.1* %changelog +* Mon Jul 09 2007 Adam Jackson 1.7-3 +- powertop-1.7-strncpy.patch: Use strncpy() to avoid stack smash. Patch from + Till Maas. (#246796) + * Thu Jul 05 2007 Adam Jackson 1.7-2 - Don't suggest disabling g-p-m. Any additional power consumption is more than offset by the ability to suspend.