Fix undefined behavior in config parser

2016-07-21 18:57:26 +02:00 · 2016-07-21 18:57:26 +02:00 · 44f5b8c9ee
commit 44f5b8c9ee
parent 3926c0e434
2 changed files with 41 additions and 1 deletions
--- a/0001-usb_modeswitch-don-t-return-a-value-from-stack.patch
+++ b/0001-usb_modeswitch-don-t-return-a-value-from-stack.patch
@ -0,0 +1,34 @@
+From 93686f8ba8c1ed6bf559dbfda53f9c7d702c76b5 Mon Sep 17 00:00:00 2001
+From: Lubomir Rintel <lkundrak@v3.sk>
+Date: Thu, 21 Jul 2016 18:13:58 +0200
+Subject: [PATCH] usb_modeswitch: don't return a value from stack
+
+The memory is not allocated anymore when the function returns and that
+causes no end of mayhem and undefined behavior.
+
+Let's make it static so that it's perserved after the return. It wastes
+LINE_DIM bytes of memory and requires the caller to consume the value
+before another call, but that's no problem.
+
+http://www.draisberghof.de/usb_modeswitch/bb/viewtopic.php?f=2&t=2557
+---
+ usb_modeswitch.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/usb_modeswitch.c b/usb_modeswitch.c
+index f9c8b2e..3373ccf 100644
+--- a/usb_modeswitch.c
+++ b/usb_modeswitch.c
+@@ -1855,7 +1855,8 @@ char* ReadParseParam(const char* FileName, char *VariableName)
+ 	char *FirstQuote, *LastQuote, *P1, *P2;
+ 	int Line=0;
+ 	unsigned Len=0, Pos=0;
+-	char Str[LINE_DIM], *token, *configPos;
+	static char Str[LINE_DIM];
+	char *token, *configPos;
+ 	FILE *file = NULL;
+ 
+ 	// Reading and storing input during the first call
+-- 
+2.7.4
+
--- a/usb_modeswitch.spec
+++ b/usb_modeswitch.spec
@ -2,7 +2,7 @@

 Name:		usb_modeswitch
 Version:	2.4.0
-Release:	2%{?dist}
+Release:	3%{?dist}
 Summary:	USB Modeswitch gets mobile broadband cards in operational mode
 Summary(de):	USB Modeswitch aktiviert UMTS-Karten
 Group:		Applications/System
@ -18,6 +18,8 @@ Patch0: rhbz948451-fix-manual-pages.patch
 Patch1: device_reference-utf8.patch
 # http://www.draisberghof.de/usb_modeswitch/bb/viewtopic.php?f=2&t=2556
 Patch2: 0001-Fix-crash-on-early-fail.patch
+# http://www.draisberghof.de/usb_modeswitch/bb/viewtopic.php?f=2&t=2557
+Patch3: 0001-usb_modeswitch-don-t-return-a-value-from-stack.patch

 BuildRequires:	libusbx-devel
 BuildRequires:	jimtcl-devel
@ -46,6 +48,7 @@ cp -f %{SOURCE1} device_reference.txt
 %patch0 -p1 -b .manpage
 %patch1 -p0 -b .utf8
 %patch2 -p1 -b .libusb_exit
+%patch3 -p1 -b .stack


 %build
@ -72,6 +75,9 @@ make install \


 %changelog
+* Thu Jul 21 2016 Lubomir Rintel <lkundrak@v3.sk> - 2.4.0-3
+- Fix undefined behavior in config parser (rh #1352055)
+
 * Wed Jul 20 2016 Lubomir Rintel <lkundrak@v3.sk> - 2.4.0-2
 - Add the previously omitted systemd service file (rh #1352055)
 - Fix crash with invalid arguments (rh #1358472)