Fixed chkutmp crash, bug #184962, thank barbaz for report and Stewart Gebbie for the fix.

(Portage version: 2.2_rc11/cvs/Linux 2.6.26-gentoo-r1 i686)

3 files changed, 68 insertions, 2 deletions

diff --git a/app-forensics/chkrootkit/ChangeLog b/app-forensics/chkrootkit/ChangeLog
index d87c5a81b8b9..ae66cad83c8f 100644
--- a/app-forensics/chkrootkit/ChangeLog
+++ b/app-forensics/chkrootkit/ChangeLog
@@ -1,6 +1,14 @@
 # ChangeLog for app-forensics/chkrootkit
 # Copyright 2002-2008 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-forensics/chkrootkit/ChangeLog,v 1.47 2008/10/06 19:38:01 pva Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-forensics/chkrootkit/ChangeLog,v 1.48 2008/10/06 20:00:11 pva Exp $
+
+*chkrootkit-0.48-r1 (06 Oct 2008)
+
+  06 Oct 2008; Peter Volkov <pva@gentoo.org>
+  +files/chkrootkit-0.48-chkutmp.c-some-overruns-fixes.patch,
+  -chkrootkit-0.48.ebuild, +chkrootkit-0.48-r1.ebuild:
+  Fixed chkutmp crash, bug #184962, thank barbaz for report and Stewart
+  Gebbie for the fix.
 
 *chkrootkit-0.48 (06 Oct 2008)
 
diff --git a/app-forensics/chkrootkit/chkrootkit-0.48.ebuild b/app-forensics/chkrootkit/chkrootkit-0.48-r1.ebuild
index 72c739aabf37..e1f30d27d78e 100644
--- a/app-forensics/chkrootkit/chkrootkit-0.48.ebuild
+++ b/app-forensics/chkrootkit/chkrootkit-0.48-r1.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2008 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-forensics/chkrootkit/chkrootkit-0.48.ebuild,v 1.1 2008/10/06 19:38:01 pva Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-forensics/chkrootkit/chkrootkit-0.48-r1.ebuild,v 1.1 2008/10/06 20:00:11 pva Exp $
 
 inherit eutils toolchain-funcs
 
@@ -20,6 +20,7 @@ src_unpack() {
 
 	epatch "${WORKDIR}/${P}-gentoo.diff"
 	epatch "${FILESDIR}/${P}-shell-history-anomalies.diff"
+	epatch "${FILESDIR}/${P}-chkutmp.c-some-overruns-fixes.patch"
 	sed -i 's:/var/adm/:/var/log/:g' chklastlog.c || die "sed chklastlog.c failed"
 }
 
diff --git a/app-forensics/chkrootkit/files/chkrootkit-0.48-chkutmp.c-some-overruns-fixes.patch b/app-forensics/chkrootkit/files/chkrootkit-0.48-chkutmp.c-some-overruns-fixes.patch
new file mode 100644
index 000000000000..09ba065a0697
--- /dev/null
+++ b/app-forensics/chkrootkit/files/chkrootkit-0.48-chkutmp.c-some-overruns-fixes.patch
@@ -0,0 +1,57 @@
+=== modified file 'chkutmp.c'
+--- chkutmp.c	2008-10-06 19:07:51 +0000
++++ chkutmp.c	2007-10-20 07:56:19 +0000
+@@ -23,6 +23,7 @@
+  *
+  *  Changelog: 
+  *   Ighighi X - Improved speed via break command - 2005/03/27 
++ *   Stewart Gebbie - fixed buffer overrun bug related to MAXREAD and UT_PIDLENGTH - 2007-10-20
+  *  
+  */
+ 
+@@ -42,7 +43,7 @@
+ #endif
+ #include <ctype.h>
+ 
+-#define MAXREAD 1024
++#define MAXREAD 4096
+ #define MAXBUF 4096
+ #define MAXLENGTH 256
+ #define UT_PIDSIZE 12
+@@ -57,13 +58,13 @@
+ #endif
+ 
+ struct ps_line {
+-    char ps_tty[UT_LINESIZE];
+-    char ps_user[UT_NAMESIZE];
+-    char ps_args[MAXLENGTH];
++    char ps_tty[UT_LINESIZE+1];
++    char ps_user[UT_NAMESIZE+1];
++    char ps_args[MAXLENGTH+1];
+     int ps_pid;
+ };
+ struct utmp_line {
+-    char ut_tty[UT_LINESIZE];
++    char ut_tty[UT_LINESIZE+1];
+     int ut_pid;
+     int ut_type;
+ };
+@@ -77,7 +78,7 @@
+ int fetchps(struct ps_line *psl_p)
+ {
+     FILE *ps_fp;
+-    char line[MAXREAD + 1], pid[UT_PIDSIZE];
++    char line[MAXREAD + 1], pid[UT_PIDSIZE+1];
+     char *s, *d;
+     struct ps_line *curp = &psl_p[0];
+     struct ps_line *endp = &psl_p[MAXBUF];
+@@ -97,7 +98,7 @@
+ 		while (isspace(*s))	/* skip spaces */
+ 		    s++;
+ 		d = pid;
+-		for (x = 0; (!isspace(*s)) && (*d++ = *s++) && x <= UT_LINESIZE; x++)	/* grab pid */
++		for (x = 0; (!isspace(*s)) && (*d++ = *s++) && x <= UT_PIDSIZE; x++)	/* grab pid */
+ 		    ;
+ 		*d = '\0';
+ 		curp->ps_pid = atoi(pid);
+