From 8342ed730fe4b2874a9c286cca8d6036a8f66684 Mon Sep 17 00:00:00 2001 From: Nils Philippsen Date: Thu, 14 Feb 2008 08:35:41 +0000 Subject: [PATCH] guard against out-of-bounds string access in fujitsu backend (#429338, patch by Caolan McNamara) --- sane-backends-1.0.18-string-oob.patch | 13 +++++++++++++ sane-backends.spec | 8 +++++++- 2 files changed, 20 insertions(+), 1 deletion(-) create mode 100644 sane-backends-1.0.18-string-oob.patch diff --git a/sane-backends-1.0.18-string-oob.patch b/sane-backends-1.0.18-string-oob.patch new file mode 100644 index 0000000..bfdbd40 --- /dev/null +++ b/sane-backends-1.0.18-string-oob.patch @@ -0,0 +1,13 @@ +diff -ur sane-backends-1.0.18.orig/backend/fujitsu.c sane-backends-1.0.18/backend/fujitsu.c +--- sane-backends-1.0.18.orig/backend/fujitsu.c 2008-01-18 19:38:27.000000000 +0000 ++++ sane-backends-1.0.18/backend/fujitsu.c 2008-01-18 19:47:13.000000000 +0000 +@@ -416,6 +416,9 @@ + + /* delete newline characters at end */ + len = strlen (line); ++ if (!len) ++ continue; ++ + if (line[len - 1] == '\n') + line[--len] = '\0'; + diff --git a/sane-backends.spec b/sane-backends.spec index 665e8f0..5acaef1 100644 --- a/sane-backends.spec +++ b/sane-backends.spec @@ -22,7 +22,7 @@ Summary: Scanner access software Name: sane-backends Version: 1.0.19 -Release: 3%{?dist} +Release: 4%{?dist} License: GPL (programs), relaxed LGPL (libraries), and public domain (docs) Group: System Environment/Libraries Source0: ftp://ftp.sane-project.org/pub/sane/%{name}-%{version}/%{name}-%{version}.tar.gz @@ -33,6 +33,7 @@ Patch1: sane-backends-1.0.18-rpath.patch Patch2: sane-backends-1.0.19-pkgconfig.patch Patch3: sane-backends-1.0.18-glibc-2.7.patch Patch4: sane-backends-1.0.19-policykit.patch +Patch5: sane-backends-1.0.18-string-oob.patch URL: http://www.sane-project.org BuildRoot: %{_tmppath}/%{name}-%{version}-root-%(%__id_u -n) BuildRequires: tetex-latex @@ -117,6 +118,7 @@ want to access digital cameras. %patch2 -p1 -b .pkgconfig %patch3 -p1 -b .glibc-2.7 %patch4 -p1 -b .policykit +%patch5 -p1 -b .string-oob for i in agfafocus avision coolscan2 umax_pp; do iconv -f iso-8859-1 -t utf-8 < "doc/sane-$i.man" > "doc/sane-$i.man_" @@ -235,6 +237,10 @@ rm -rf %{buildroot} %{_libdir}/pkgconfig/sane-backends.pc %changelog +* Thu Feb 14 2008 Nils Philippsen - 1.0.19-4 +- guard against out-of-bounds string access in fujitsu backend (#429338, patch + by Caolan McNamara) + * Wed Feb 13 2008 Nils Philippsen - 1.0.19-3 - add HAL policy for SCSI scanners