diff options
| author |   Justin Lecher <jlec@gentoo.org> | 2012-09-16 14:58:48 +0000 |
|---|---|---|
| committer | Justin Lecher <jlec@gentoo.org> | 2012-09-16 14:58:48 +0000 |
| commit | 09d1384cb613be321d548fba05fce03f480c4b3b (patch) | |
| tree | 8e585e8158085f2e935a82dea7eb6ab9a85f1c0c /dev-db/xbsql | |
| parent | Remove non-existing maintainer. Take over maintainership (diff) | |
| download | gentoo-2-09d1384cb613be321d548fba05fce03f480c4b3b.tar.gz gentoo-2-09d1384cb613be321d548fba05fce03f480c4b3b.tar.bz2 gentoo-2-09d1384cb613be321d548fba05fce03f480c4b3b.zip | |
dev-db/xbsql: Fix buffer overflow, #434198
(Portage version: 2.2.0_alpha128/cvs/Linux x86_64)
Diffstat (limited to 'dev-db/xbsql')
| -rw-r--r-- | dev-db/xbsql/ChangeLog | 8 | ||||
| -rw-r--r-- | dev-db/xbsql/files/xbsql-0.11-bfr-overflow.patch | 79 | ||||
| -rw-r--r-- | dev-db/xbsql/xbsql-0.11-r2.ebuild | 41 |
3 files changed, 127 insertions, 1 deletions
diff --git a/dev-db/xbsql/ChangeLog b/dev-db/xbsql/ChangeLog index ef6837439764..4a74b2a83bd5 100644 --- a/dev-db/xbsql/ChangeLog +++ b/dev-db/xbsql/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for dev-db/xbsql # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/dev-db/xbsql/ChangeLog,v 1.11 2012/06/30 17:15:51 jlec Exp $ +# $Header: /var/cvsroot/gentoo-x86/dev-db/xbsql/ChangeLog,v 1.12 2012/09/16 14:58:48 jlec Exp $ + +*xbsql-0.11-r2 (16 Sep 2012) + + 16 Sep 2012; Justin Lecher <jlec@gentoo.org> +xbsql-0.11-r2.ebuild, + +files/xbsql-0.11-bfr-overflow.patch: + Fix buffer overflow, #434198 *xbsql-0.11-r1 (30 Jun 2012) diff --git a/dev-db/xbsql/files/xbsql-0.11-bfr-overflow.patch b/dev-db/xbsql/files/xbsql-0.11-bfr-overflow.patch new file mode 100644 index 000000000000..1615fb4d4389 --- /dev/null +++ b/dev-db/xbsql/files/xbsql-0.11-bfr-overflow.patch @@ -0,0 +1,79 @@ + xbsql/xb_fieldset.cpp | 6 +++--- + xbsql/xbsql.cpp | 20 ++++++++++---------- + 2 files changed, 13 insertions(+), 13 deletions(-) + +diff --git a/xbsql/xb_fieldset.cpp b/xbsql/xb_fieldset.cpp +index ea9e726..f922ed3 100644 +--- a/xbsql/xb_fieldset.cpp ++++ b/xbsql/xb_fieldset.cpp +@@ -58,10 +58,10 @@ XBSQL::Index + if ((fldno < 0) || (fldno >= fieldSet.getNumFields())) + return XBSQL::IndexNone ; + +- char buff[255] ; +- strncpy (buff, tabname, sizeof(buff)) ; ++ char buff[256] ; ++ strncpy (buff, tabname, sizeof(buff) - 1) ; + strncat (buff, "_", sizeof(buff)) ; +- strncat (buff, getFieldName(fldno), sizeof(buff)) ; ++ strncat (buff, getFieldName(fldno), sizeof(buff) - strlen(tabname) - 1) ; + + const char *path = xbase->getPath (buff, "ndx") ; + int fd = open (path, O_RDONLY) ; +diff --git a/xbsql/xbsql.cpp b/xbsql/xbsql.cpp +index 9d07f88..96304c4 100644 +--- a/xbsql/xbsql.cpp ++++ b/xbsql/xbsql.cpp +@@ -376,9 +376,9 @@ bool XBaseSQL::createTable + char name [256] ; + xbNdx ndxFile (&dbfFile) ; + +- strncpy (name, table, sizeof(name)) ; ++ strncpy (name, table, sizeof(name) - 1) ; + strncat (name, "_", sizeof(name)) ; +- strncat (name, schema[idx].FieldName, sizeof(name)) ; ++ strncat (name, schema[idx].FieldName, sizeof(name) - strlen(table) - 1) ; + + path = getPath (name, "ndx") ; + idxflag = index[idx] == XBSQL::IndexUnique ? +@@ -467,9 +467,9 @@ XBSQLTable *XBaseSQL::openTable + { + char name[256] ; + +- strncpy (name, table, sizeof(name)) ; ++ strncpy (name, table, sizeof(name) - 1) ; + strncat (name, "_", sizeof(name)) ; +- strncat (name, fSet.getFieldName (idx), sizeof(name)) ; ++ strncat (name, fSet.getFieldName (idx), sizeof(name) - strlen(table) - 1) ; + + path = getPath (name, "ndx") ; + #ifndef _WIN32 +@@ -873,12 +873,12 @@ bool XBaseSQL::renameTable + char _newName[256] ; + const char *fname = fSet.getFieldName (idx) ; + +- strncpy (_oldName, oldName, sizeof(_oldName)) ; ++ strncpy (_oldName, oldName, sizeof(_oldName) - 1) ; + strncat (_oldName, "_", sizeof(_oldName)) ; +- strncat (_oldName, fname, sizeof(_oldName)) ; +- strncpy (_newName, newName, sizeof(_newName)) ; ++ strncat (_oldName, fname, sizeof(_oldName) - strlen(oldName) - 1) ; ++ strncpy (_newName, newName, sizeof(_newName) - 1) ; + strncat (_newName, "_", sizeof(_newName)) ; +- strncat (_newName, fname, sizeof(_newName)) ; ++ strncat (_newName, fname, sizeof(_newName) - strlen(newName) - 1) ; + + oldAnon = getPath (_oldName, "ndx") ; + newAnon = getPath (_newName, "ndx") ; +@@ -956,9 +956,9 @@ bool XBaseSQL::dropTable + char _idxName[256] ; + const char *fname = fSet.getFieldName (idx) ; + +- strncpy (_idxName, table, sizeof(_idxName)) ; ++ strncpy (_idxName, table, sizeof(_idxName) - 1) ; + strncat (_idxName, "_", sizeof(_idxName)) ; +- strncat (_idxName, fname, sizeof(_idxName)) ; ++ strncat (_idxName, fname, sizeof(_idxName) - strlen(table) - 1) ; + + tabAnon = getPath (_idxName, "ndx") ; + diff --git a/dev-db/xbsql/xbsql-0.11-r2.ebuild b/dev-db/xbsql/xbsql-0.11-r2.ebuild new file mode 100644 index 000000000000..27cf1a2f720b --- /dev/null +++ b/dev-db/xbsql/xbsql-0.11-r2.ebuild @@ -0,0 +1,41 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/dev-db/xbsql/xbsql-0.11-r2.ebuild,v 1.1 2012/09/16 14:58:48 jlec Exp $ + +EAPI=4 + +AUTOTOOLS_AUTORECONF=yes + +inherit autotools-utils + +DESCRIPTION="An SQL Wrapper for the XBase library" +HOMEPAGE="http://www.rekallrevealed.org/" +SRC_URI="http://www.rekallrevealed.org/packages/${P}.tgz" + +SLOT="0" +LICENSE="GPL-2" +KEYWORDS="~amd64 ~ppc ~x86" +IUSE="doc static-libs" + +RDEPEND=" + >=dev-db/xbase-3.1.2 + sys-libs/readline" +DEPEND="${RDEPEND} + sys-devel/automake + sys-devel/libtool" + +PATCHES=( + "${FILESDIR}"/${P}-ncurses64.patch + "${FILESDIR}"/${P}-xbase64.patch + "${FILESDIR}"/${P}-autotools.patch + "${FILESDIR}"/${P}-bfr-overflow.patch +) + +DOCS=( AUTHORS Announce ChangeLog INSTALL README TODO ) + +AUTOTOOLS_IN_SOURCE_BUILD=1 + +src_install() { + autotools-utils_src_install + use doc && dohtml doc/* +} |