Date: Wed, 1 Jan 2003 22:03:26 +0100 (CET) From: Dominik Brettnacher <domi@saargate.de> To: FreeBSD-gnats-submit@FreeBSD.org Cc: Peter Jones <pjones@pmade.org> Subject: ports/46673: security/gpasman core dump fix for files larger than 2048 bytes Message-ID: <200301012103.h01L3QVw098091@dominik.saargate.de>
>Number: 46673 >Category: ports >Synopsis: security/gpasman core dump fix for files larger than 2048 bytes >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Wed Jan 01 13:10:02 PST 2003 >Closed-Date: >Last-Modified: >Originator: Dominik Brettnacher >Release: FreeBSD 4.6-STABLE i386 >Organization: >Environment: System: FreeBSD dominik.saargate.de 4.6-STABLE FreeBSD 4.6-STABLE #2: Mon Aug 5 10:22:12 CEST 2002 domi@dominik.saargate.de:/usr/obj/usr/src/sys/DOMINIK i386 >Description: gpasman will fail when trying to use files with a size greater than 2048 bytes. This patch will fix buffer handling. Many thanks to Peter Jones who provided the original patch. >How-To-Repeat: >Fix:
diff -urN gpasman.old/files/patch-ab gpasman/files/patch-ab
--- gpasman.old/files/patch-ab Wed Jan 1 22:00:01 2003
+++ gpasman/files/patch-ab Thu Jan 1 01:00:00 1970
@@ -1,23 +0,0 @@
---- src/Makefile.in.orig Fri Sep 3 00:50:10 1999
-+++ src/Makefile.in Sat Jul 1 18:19:43 2000
-@@ -26,9 +26,9 @@
-
-
- CC = @CC@
--CFLAGS = @DEFS@ @CFLAGS@ $(shell @GTKCONFIG@ --cflags)
-+CFLAGS = @DEFS@ @CFLAGS@ `@GTKCONFIG@ --cflags`
- LDFLAGS = @LDFLAGS@
--LIBS = @LIBS@ $(shell @GTKCONFIG@ --libs)
-+LIBS = @LIBS@ `@GTKCONFIG@ --libs`
- INSTALL = @INSTALL@
-
- SRCS = librc2.c file.c gpasman.c
-@@ -39,7 +39,7 @@
- $(CC) -o gpasman $(OBJS) $(LDFLAGS) $(LIBS)
-
- .c.o: $(SRCS)
-- $(CC) -O2 -Wall $(CFLAGS) -c -o $@ $<
-+ $(CC) $(CFLAGS) -c -o $@ $<
-
- clean:
- rm -f $(OBJS) gpasman core *~ *.bak
diff -urN gpasman.old/files/patch-src::Makefile.in gpasman/files/patch-src::Makefile.in
--- gpasman.old/files/patch-src::Makefile.in Thu Jan 1 01:00:00 1970
+++ gpasman/files/patch-src::Makefile.in Wed Jan 1 21:45:06 2003
@@ -0,0 +1,23 @@
+--- src/Makefile.in.orig Fri Sep 3 00:50:10 1999
++++ src/Makefile.in Sat Jul 1 18:19:43 2000
+@@ -26,9 +26,9 @@
+
+
+ CC = @CC@
+-CFLAGS = @DEFS@ @CFLAGS@ $(shell @GTKCONFIG@ --cflags)
++CFLAGS = @DEFS@ @CFLAGS@ `@GTKCONFIG@ --cflags`
+ LDFLAGS = @LDFLAGS@
+-LIBS = @LIBS@ $(shell @GTKCONFIG@ --libs)
++LIBS = @LIBS@ `@GTKCONFIG@ --libs`
+ INSTALL = @INSTALL@
+
+ SRCS = librc2.c file.c gpasman.c
+@@ -39,7 +39,7 @@
+ $(CC) -o gpasman $(OBJS) $(LDFLAGS) $(LIBS)
+
+ .c.o: $(SRCS)
+- $(CC) -O2 -Wall $(CFLAGS) -c -o $@ $<
++ $(CC) $(CFLAGS) -c -o $@ $<
+
+ clean:
+ rm -f $(OBJS) gpasman core *~ *.bak
diff -urN gpasman.old/files/patch-src::file.c gpasman/files/patch-src::file.c
--- gpasman.old/files/patch-src::file.c Thu Jan 1 01:00:00 1970
+++ gpasman/files/patch-src::file.c Wed Jan 1 21:53:04 2003
@@ -0,0 +1,51 @@
+--- src/file.c.orig Mon Dec 2 21:03:36 2002
++++ src/file.c Mon Dec 2 21:33:40 2002
+@@ -244,9 +244,10 @@
+ unsigned short ciphertext[4];
+ int val=0;
+ unsigned char key[128];
++ off_t filesize = LOAD_BUFFER_LENGTH;
+
+ /* first we should check the file permissions */
+- if (file_exists(filename)) {
++ if ( (filesize = file_exists(filename)) > 0) {
+ val = check_file(filename);
+ if (val != 1) {
+ return val;
+@@ -261,7 +262,15 @@
+ return 0;
+ }
+
+- buffer = malloc(LOAD_BUFFER_LENGTH);
++ filesize = filesize >= LOAD_BUFFER_LENGTH ? filesize : LOAD_BUFFER_LENGTH;
++ buffer = malloc((size_t) filesize);
++ if (buffer == NULL) {
++#ifdef DEBUG
++ fprintf(stderr, "load_init: failed to allocate buffer of size %ld\n", filesize);
++#endif
++ return 0;
++ }
++
+ #ifdef DEBUGload
+ fprintf(stderr, "load_init, password=\"%s\"\n", password);
+ #endif
+@@ -440,7 +449,7 @@
+ }
+
+
+-int
++off_t
+ file_exists (char *tfile)
+ {
+ struct stat naamstat;
+@@ -455,8 +464,8 @@
+ else
+ {
+ #ifdef DEBUG
+- fprintf (stderr, "file_exists, %s DOES exist\n", tfile);
++ fprintf (stderr, "file_exists, %s DOES exist, size is %ld\n", tfile, naamstat.st_size);
+ #endif
+- return (1);
++ return (naamstat.st_size);
+ }
+ }
diff -urN gpasman.old/files/patch-src::file.h gpasman/files/patch-src::file.h
--- gpasman.old/files/patch-src::file.h Thu Jan 1 01:00:00 1970
+++ gpasman/files/patch-src::file.h Wed Jan 1 21:58:11 2003
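Review bot: In the src/file.c patch, `malloc((size_t) filesize)` in load_init narrows an `off_t` to `size_t` with no upper bound check. On FreeBSD i386 `off_t` is 64-bit and `size_t` is 32-bit, so a very large file would get a much smaller buffer than its size. The code that fills `buffer` lies outside this hunk, so nothing visible here limits it to the allocated length. Reject sizes above a sane cap for a password file before the cast, and confirm the read stops at the allocated size, because file_exists() measures the file by name before it is opened and it can change in between. The two DEBUG prints also pass an `off_t` to `%ld`; cast the argument, e.g. `(long long) filesize` with `%lld`.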
@@ -0,0 +1,17 @@
+--- src/file.h.orig Tue Aug 31 12:32:54 1999
++++ src/file.h Wed Jan 1 21:56:15 2003
+@@ -7,6 +7,8 @@
+ * 4 = comment
+ */
+
++#include <sys/types.h>
++
+ int save_init(char *filename, char *password);
+ int save_entry(char *entry[4]);
+ int save_finalize(void);
+@@ -14,4 +16,4 @@
+ int load_entry(char *entry[4]);
+ int load_finalize(void);
+ int check_file (char *filename);
+-int file_exists (char *tfile);
++off_t file_exists (char *tfile);
diff -urN gpasman.old/files/patch-src::gpasman.c gpasman/files/patch-src::gpasman.c
--- gpasman.old/files/patch-src::gpasman.c Thu Jan 1 01:00:00 1970
+++ gpasman/files/patch-src::gpasman.c Wed Jan 1 21:53:13 2003
@@ -0,0 +1,20 @@
+--- src/gpasman.c.orig Mon Dec 2 21:35:13 2002
++++ src/gpasman.c Mon Dec 2 21:36:44 2002
+@@ -118,7 +118,7 @@
+ g_print("main, current_set.filename = %s\n", current_set.filename);
+ #endif
+ g_free(filename);
+- if (file_exists(current_set.filename) == 1) {
++ if (file_exists(current_set.filename) > 0) {
+ load_file(current_set.filename);
+ gtk_widget_show(main_window);
+ } else {
+@@ -612,7 +612,7 @@
+ return;
+ }
+ tmpfilename = return_file();
+- if (tmpfilename &&(file_exists(tmpfilename)==1)) {
++ if (tmpfilename &&(file_exists(tmpfilename)>0)) {
+ file_clear(w, data);
+ current_set.filename = g_malloc(strlen(tmpfilename)+1);
+ strcpy(current_set.filename, tmpfilename);
>Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
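Review bot: The `> 0` tests at both call sites in src/gpasman.c, and the matching one in load_init, take the not-found path for an existing zero-length file now that file_exists() returns `st_size`. In load_init that also means `check_file()` is not run for such a file. The else branches are outside these hunks, so confirm that an empty or truncated password file is not then handled as a new file without the permission check. The changed contract should be stated on the prototype in src/file.h, for example `/* returns the size of tfile when it exists; an empty file therefore returns 0 */`. Keeping the `int` result and passing the size back through an `off_t *` argument would avoid the ambiguity altogether.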