Mercurial Mercurial > upstream > oracle > spec-files / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
2011-09-24 Jeff Cai <[email protected]> gnome-2-30 NEVADA_175
authorqc161282
Sat, 24 Sep 2011 02:52:34 +0000
branchgnome-2-30
changeset 22143 b42bf89801c3
parent 22142 bdddf431832d
child 22147 ebb60516c098
2011-09-24 Jeff Cai <[email protected]> * base-specs/libtasn1.spec: * patches/libtasn1-01-buffer-overflow.diff: Fix bug #7093667
ChangeLog file | annotate | diff | comparison | revisions
base-specs/libtasn1.spec file | annotate | diff | comparison | revisions
patches/libtasn1-01-buffer-overflow.diff file | annotate | diff | comparison | revisions 
--- a/ChangeLog	Fri Sep 23 15:19:12 2011 +0000
+++ b/ChangeLog	Sat Sep 24 02:52:34 2011 +0000
@@ -1,3 +1,8 @@
+2011-09-24  Jeff Cai <[email protected]>
+
+	* base-specs/libtasn1.spec:
+	* patches/libtasn1-01-buffer-overflow.diff: Fix bug #7093667
+
 2011-09-24  Laszlo (Laca) Peter  <[email protected]>
 
 	* specs/SUNWcompiz.spec: add gnome-incorporation build dep for sparc
--- a/base-specs/libtasn1.spec	Fri Sep 23 15:19:12 2011 +0000
+++ b/base-specs/libtasn1.spec	Sat Sep 24 02:52:34 2011 +0000
@@ -24,6 +24,9 @@
 
 Summary:	Libtasn is a library C for manipulating ASN.1 objects.
 
+# date:2011-09-02 owner:qc161282 bugster:7085293 type:bug
+Patch1:       libtasn1-01-buffer-overflow.diff
+
 %description
 Libtasn is a library written in C for manipulating ASN.1 objects including 
 DER/BER encoding and DER/BER decoding. Libtasn is used by GnuTLS to manipulate X.509 objects and by GNU Shishi to handle Kerberos V5 packets.
@@ -44,6 +47,7 @@
 
 %prep
 %setup  -q -n %{name}-%{version}
+%patch1 -p1
 
 %build
 %ifos linux
@@ -81,6 +85,8 @@
 rm -rf $RPM_BUILD_ROOT
 
 %changelog
+* Fri Sep 02 2011 - [email protected]
+- Add patch -01-buffer-overflow to fix security bug #7085293 and #7093667.
 * Thu Oct 28 2010 - [email protected]
 - Bump to 2.8.
 * Wed Jun 02 2010 - [email protected]
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/libtasn1-01-buffer-overflow.diff	Sat Sep 24 02:52:34 2011 +0000
@@ -0,0 +1,35 @@
+ lib/coding.c |   13 +++++++++----
+ 1 files changed, 9 insertions(+), 4 deletions(-)
+
+diff --git a/lib/coding.c b/lib/coding.c
+index 111e063..367dada 100644
+--- a/lib/coding.c
++++ b/lib/coding.c
+@@ -253,18 +253,23 @@ static asn1_retCode
+ _asn1_objectid_der (unsigned char *str, unsigned char *der, int *der_len)
+ {
+   int len_len, counter, k, first, max_len;
+-  char *temp, *n_end, *n_start;
++  char *temp = NULL, *n_end, *n_start;
+   unsigned char bit7;
+   unsigned long val, val1 = 0;
++  size_t temp_size = str ? strlen (str) : 0;
++
++  temp_size += 2;
++  if (temp_size < 2)
++    return ASN1_MEM_ALLOC_ERROR;
+ 
+   max_len = *der_len;
+ 
+-  temp = (char *) _asn1_malloc (strlen (str) + 2);
++  temp = (char *) _asn1_malloc (temp_size);
+   if (temp == NULL)
+     return ASN1_MEM_ALLOC_ERROR;
+ 
+-  strcpy (temp, str);
+-  strcat (temp, ".");
++  strncpy (temp, str ? (const char *)str : "", temp_size);
++  strncat (temp, ".", 1);
+ 
+   counter = 0;
+   n_start = temp;
upstream/oracle/spec-files