From 44f5b8c9ee570e43888589785ec7849ce23a6f9f Mon Sep 17 00:00:00 2001 From: Lubomir Rintel Date: Thu, 21 Jul 2016 18:57:26 +0200 Subject: [PATCH] Fix undefined behavior in config parser --- ...itch-don-t-return-a-value-from-stack.patch | 34 +++++++++++++++++++ usb_modeswitch.spec | 8 ++++- 2 files changed, 41 insertions(+), 1 deletion(-) create mode 100644 0001-usb_modeswitch-don-t-return-a-value-from-stack.patch diff --git a/0001-usb_modeswitch-don-t-return-a-value-from-stack.patch b/0001-usb_modeswitch-don-t-return-a-value-from-stack.patch new file mode 100644 index 0000000..afe92a4 --- /dev/null +++ b/0001-usb_modeswitch-don-t-return-a-value-from-stack.patch @@ -0,0 +1,34 @@ +From 93686f8ba8c1ed6bf559dbfda53f9c7d702c76b5 Mon Sep 17 00:00:00 2001 +From: Lubomir Rintel +Date: Thu, 21 Jul 2016 18:13:58 +0200 +Subject: [PATCH] usb_modeswitch: don't return a value from stack + +The memory is not allocated anymore when the function returns and that +causes no end of mayhem and undefined behavior. + +Let's make it static so that it's perserved after the return. It wastes +LINE_DIM bytes of memory and requires the caller to consume the value +before another call, but that's no problem. + +http://www.draisberghof.de/usb_modeswitch/bb/viewtopic.php?f=2&t=2557 +--- + usb_modeswitch.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/usb_modeswitch.c b/usb_modeswitch.c +index f9c8b2e..3373ccf 100644 +--- a/usb_modeswitch.c ++++ b/usb_modeswitch.c +@@ -1855,7 +1855,8 @@ char* ReadParseParam(const char* FileName, char *VariableName) + char *FirstQuote, *LastQuote, *P1, *P2; + int Line=0; + unsigned Len=0, Pos=0; +- char Str[LINE_DIM], *token, *configPos; ++ static char Str[LINE_DIM]; ++ char *token, *configPos; + FILE *file = NULL; + + // Reading and storing input during the first call +-- +2.7.4 + diff --git a/usb_modeswitch.spec b/usb_modeswitch.spec index 4ebd909..d5a8c0c 100644 --- a/usb_modeswitch.spec +++ b/usb_modeswitch.spec @@ -2,7 +2,7 @@ Name: usb_modeswitch Version: 2.4.0 -Release: 2%{?dist} +Release: 3%{?dist} Summary: USB Modeswitch gets mobile broadband cards in operational mode Summary(de): USB Modeswitch aktiviert UMTS-Karten Group: Applications/System @@ -18,6 +18,8 @@ Patch0: rhbz948451-fix-manual-pages.patch Patch1: device_reference-utf8.patch # http://www.draisberghof.de/usb_modeswitch/bb/viewtopic.php?f=2&t=2556 Patch2: 0001-Fix-crash-on-early-fail.patch +# http://www.draisberghof.de/usb_modeswitch/bb/viewtopic.php?f=2&t=2557 +Patch3: 0001-usb_modeswitch-don-t-return-a-value-from-stack.patch BuildRequires: libusbx-devel BuildRequires: jimtcl-devel @@ -46,6 +48,7 @@ cp -f %{SOURCE1} device_reference.txt %patch0 -p1 -b .manpage %patch1 -p0 -b .utf8 %patch2 -p1 -b .libusb_exit +%patch3 -p1 -b .stack %build @@ -72,6 +75,9 @@ make install \ %changelog +* Thu Jul 21 2016 Lubomir Rintel - 2.4.0-3 +- Fix undefined behavior in config parser (rh #1352055) + * Wed Jul 20 2016 Lubomir Rintel - 2.4.0-2 - Add the previously omitted systemd service file (rh #1352055) - Fix crash with invalid arguments (rh #1358472)