- fixed string overflow in vtoc_volume_label_init (#525318)

This commit is contained in:
Dan Horák 2009-09-24 08:49:06 +00:00
parent 6a1d463f53
commit 9a4f37d7ed
2 changed files with 36 additions and 1 deletions

View File

@ -0,0 +1,28 @@
From 664ab55f566e46c31806b25a976dea444a7976a3 Mon Sep 17 00:00:00 2001
From: =?utf-8?q?Dan=20Hor=C3=A1k?= <dan@danny.cz>
Date: Thu, 24 Sep 2009 09:12:39 +0200
Subject: [PATCH] fix string overflow in vtoc_volume_label_init
Originaly it tries to copy a 84B string into 4B field and reset also
the other fields thru the overflow. This doesn't work with recent GCC
and the security-related compile flags that are used in Fedora.
---
libvtoc/vtoc.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/libvtoc/vtoc.c b/libvtoc/vtoc.c
index 62a02a0..cebd5a4 100644
--- a/libvtoc/vtoc.c
+++ b/libvtoc/vtoc.c
@@ -326,7 +326,7 @@ void vtoc_volume_label_init (volume_label_t *vlabel)
{
sprintf(buffer, "%84s", " ");
vtoc_ebcdic_enc(buffer, buffer, 84);
- strncpy(vlabel->volkey, buffer, 84);
+ memcpy(vlabel, buffer, 84);
}
--
1.6.3.3

View File

@ -8,7 +8,7 @@ Name: s390utils
Summary: Utilities and daemons for IBM System/z Summary: Utilities and daemons for IBM System/z
Group: System Environment/Base Group: System Environment/Base
Version: 1.8.1 Version: 1.8.1
Release: 3%{?dist} Release: 4%{?dist}
Epoch: 2 Epoch: 2
License: GPLv2 and GPLv2+ and CPL License: GPLv2 and GPLv2+ and CPL
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@ -45,6 +45,7 @@ Patch18: 0018-s390-tools-1.8.1-ziomon-new-blkiomon.patch
Patch19: 0019-s390-tools-1.8.1-lsluns-disk-enc.patch Patch19: 0019-s390-tools-1.8.1-lsluns-disk-enc.patch
Patch20: 0020-s390-tools-1.8.1-cpuplugd-cmminit.patch Patch20: 0020-s390-tools-1.8.1-cpuplugd-cmminit.patch
Patch21: 0021-s390-tools-1.8.1-lszfcp-perf.patch Patch21: 0021-s390-tools-1.8.1-lszfcp-perf.patch
Patch22: 0022-fix-string-overflow-in-vtoc_volume_label_init.patch
Patch100: cmsfs-1.1.8-warnings.patch Patch100: cmsfs-1.1.8-warnings.patch
Patch101: cmsfs-1.1.8-kernel26.patch Patch101: cmsfs-1.1.8-kernel26.patch
@ -122,6 +123,9 @@ be used together with the zSeries (s390) Linux kernel and device drivers.
# Check only ZFCP devices in lszfcp (#518669) # Check only ZFCP devices in lszfcp (#518669)
%patch21 -p1 -b .lszfcp-perf %patch21 -p1 -b .lszfcp-perf
# Fix string overflow in vtoc_volume_label_init (#525318)
%patch22 -p1 -b .vtoc-label
# #
# cmsfs # cmsfs
# #
@ -766,6 +770,9 @@ User-space development files for the s390/s390x architecture.
%changelog %changelog
* Thu Sep 24 2009 Dan Horák <dan[at]danny.cz> 2:1.8.1-4
- fixed string overflow in vtoc_volume_label_init (#525318)
* Thu Sep 3 2009 Dan Horák <dan[at]danny.cz> 2:1.8.1-3 * Thu Sep 3 2009 Dan Horák <dan[at]danny.cz> 2:1.8.1-3
- create devel subpackage with some useful headers - create devel subpackage with some useful headers
- preserving timestamps on installed files - preserving timestamps on installed files