summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Black <dragonheart@gentoo.org>2005-05-04 11:26:38 +0000
committerDaniel Black <dragonheart@gentoo.org>2005-05-04 11:26:38 +0000
commit3d98bba8a26e316208ed14d013610da2c270ae83 (patch)
tree2f1695907584808e741651911ef6e8bb26c0110f /app-editors/hteditor
parentapp-editors/hteditor-0.8.0-r1 for testing (diff)
downloadhistorical-3d98bba8a26e316208ed14d013610da2c270ae83.tar.gz
historical-3d98bba8a26e316208ed14d013610da2c270ae83.tar.bz2
historical-3d98bba8a26e316208ed14d013610da2c270ae83.zip
hteditor-0.8.0-r1 fixes 0 segments exploit that Tavis found
Package-Manager: portage-2.0.51.21
Diffstat (limited to 'app-editors/hteditor')
-rw-r--r--app-editors/hteditor/ChangeLog8
-rw-r--r--app-editors/hteditor/Manifest15
-rw-r--r--app-editors/hteditor/files/digest-hteditor-0.8.0-r11
-rw-r--r--app-editors/hteditor/files/hteditor-0.8.0-mallocboundcheck.patch246
-rw-r--r--app-editors/hteditor/hteditor-0.8.0-r1.ebuild45
5 files changed, 308 insertions, 7 deletions
diff --git a/app-editors/hteditor/ChangeLog b/app-editors/hteditor/ChangeLog
index 453fc11996e5..bc56ad2a11cb 100644
--- a/app-editors/hteditor/ChangeLog
+++ b/app-editors/hteditor/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for app-editors/hteditor
# Copyright 2002-2005 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-editors/hteditor/ChangeLog,v 1.12 2005/04/21 14:04:39 herbs Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-editors/hteditor/ChangeLog,v 1.13 2005/05/04 11:26:38 dragonheart Exp $
+
+*hteditor-0.8.0-r1 (04 May 2005)
+
+ 04 May 2005; Daniel Black <dragonheart@gentoo.org>
+ +files/hteditor-0.8.0-mallocboundcheck.patch, +hteditor-0.8.0-r1.ebuild:
+ hteditor-0.8.0-r1 fixes 0 segments exploit that Tavis found
21 Apr 2005; Herbie Hopkins <herbs@gentoo.org> hteditor-0.8.0.ebuild:
~amd64 keyword added, bug #88994
diff --git a/app-editors/hteditor/Manifest b/app-editors/hteditor/Manifest
index 6235a89eba74..707cf0a189fe 100644
--- a/app-editors/hteditor/Manifest
+++ b/app-editors/hteditor/Manifest
@@ -1,16 +1,19 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
+MD5 ec15c93525f4f3c65a3114e847f3eb9d ChangeLog 2080
+MD5 1652522405f5936eb29776ef8d5ffa5b metadata.xml 310
MD5 474a7acbf7f185b0c050806a3f404314 hteditor-0.8.0.ebuild 848
+MD5 2ffbedac2a1052be2124e41bf03398c9 hteditor-0.8.0-r1.ebuild 961
MD5 a3967faa2e53b980b44cbe19a2a1d6a6 hteditor-0.7.4.ebuild 722
-MD5 76319fd839fb6138b5771bb8acf7d12e ChangeLog 1849
-MD5 1652522405f5936eb29776ef8d5ffa5b metadata.xml 310
-MD5 44f3316a45dc74c201dd2513928e3a20 files/digest-hteditor-0.7.4 61
MD5 62f3c11a4b0b8fe29f1a412386c66d5c files/digest-hteditor-0.8.0 61
+MD5 376145af92012f30281eeeafc0abf98a files/hteditor-0.8.0-mallocboundcheck.patch 10239
+MD5 44f3316a45dc74c201dd2513928e3a20 files/digest-hteditor-0.7.4 61
+MD5 62f3c11a4b0b8fe29f1a412386c66d5c files/digest-hteditor-0.8.0-r1 61
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
-iD8DBQFCZ7MP2G5bA0cA/ScRAtRXAKDtLnjhKGFQeucpu1ou96m3d4ICgQCfUAE7
-4HDcoWcMXgLlJ13rFK8mPLU=
-=OHy9
+iD8DBQFCeLF/mdTrptrqvGERAmsHAJ4rbBO1MzRFNUm+/g7WWsqgH0/yEgCeP0Ge
+OT+CUDyUnO0iVpWjsYGic84=
+=GnfS
-----END PGP SIGNATURE-----
diff --git a/app-editors/hteditor/files/digest-hteditor-0.8.0-r1 b/app-editors/hteditor/files/digest-hteditor-0.8.0-r1
new file mode 100644
index 000000000000..0f800184724d
--- /dev/null
+++ b/app-editors/hteditor/files/digest-hteditor-0.8.0-r1
@@ -0,0 +1 @@
+MD5 ee309bdd16b3e1ec78b2efb6427dd5a5 ht-0.8.0.tar.bz2 731401
diff --git a/app-editors/hteditor/files/hteditor-0.8.0-mallocboundcheck.patch b/app-editors/hteditor/files/hteditor-0.8.0-mallocboundcheck.patch
new file mode 100644
index 000000000000..b2f64e8baf0e
--- /dev/null
+++ b/app-editors/hteditor/files/hteditor-0.8.0-mallocboundcheck.patch
@@ -0,0 +1,246 @@
+--- cplus-dem.c.orig 2005-05-04 19:32:05.000000000 +1000
++++ cplus-dem.c 2005-05-04 19:52:48.000000000 +1000
+@@ -1572,7 +1572,7 @@
+ else
+ {
+ int symbol_len = consume_count (mangled);
+- if (symbol_len == -1)
++ if (symbol_len <= -1)
+ return -1;
+ if (symbol_len == 0)
+ string_appendn (s, "0", 1);
+@@ -1690,7 +1690,7 @@
+ {
+ return (0);
+ }
+- if (!is_type)
++ if (!is_type && r)
+ {
+ /* Create an array for saving the template argument values. */
+ work->tmpl_argvec = (char**) xmalloc (r * sizeof (char *));
+@@ -1718,9 +1718,11 @@
+ {
+ /* Save the template argument. */
+ int len = temp.p - temp.b;
+- work->tmpl_argvec[i] = xmalloc (len + 1);
+- memcpy (work->tmpl_argvec[i], temp.b, len);
+- work->tmpl_argvec[i][len] = '\0';
++ if (len) {
++ work->tmpl_argvec[i] = xmalloc (len + 1);
++ memcpy (work->tmpl_argvec[i], temp.b, len);
++ work->tmpl_argvec[i][len] = '\0';
++ }
+ }
+ }
+ string_delete(&temp);
+@@ -1746,9 +1748,12 @@
+ {
+ /* Save the template argument. */
+ int len = r2;
+- work->tmpl_argvec[i] = xmalloc (len + 1);
+- memcpy (work->tmpl_argvec[i], *mangled, len);
+- work->tmpl_argvec[i][len] = '\0';
++ if (len >=0)
++ {
++ work->tmpl_argvec[i] = xmalloc (len + 1);
++ memcpy (work->tmpl_argvec[i], *mangled, len);
++ work->tmpl_argvec[i][len] = '\0';
++ }
+ }
+ *mangled += r2;
+ }
+@@ -1792,9 +1797,11 @@
+ if (!is_type)
+ {
+ int len = s->p - s->b;
+- work->tmpl_argvec[i] = xmalloc (len + 1);
+- memcpy (work->tmpl_argvec[i], s->b, len);
+- work->tmpl_argvec[i][len] = '\0';
++ if (len<=0) {
++ work->tmpl_argvec[i] = xmalloc (len + 1);
++ memcpy (work->tmpl_argvec[i], s->b, len);
++ work->tmpl_argvec[i][len] = '\0';
++ }
+
+ string_appends (tname, s);
+ string_delete (s);
+@@ -2594,6 +2601,7 @@
+ char * recurse = (char *)NULL;
+ char * recurse_dem = (char *)NULL;
+
++ if (namelength <= 0) return; /* not sure about this one */
+ recurse = (char *) xmalloc (namelength + 1);
+ memcpy (recurse, *mangled, namelength);
+ recurse[namelength] = '\000';
+@@ -3730,6 +3738,7 @@
+ sizeof (char *) * work -> typevec_size);
+ }
+ }
++ if (len<=0) len=0;
+ tem = xmalloc (len + 1);
+ memcpy (tem, start, len);
+ tem[len] = '\0';
+@@ -3762,6 +3771,7 @@
+ sizeof (char *) * work -> ksize);
+ }
+ }
++ if (len<=0) len=0;
+ tem = xmalloc (len + 1);
+ memcpy (tem, start, len);
+ tem[len] = '\0';
+@@ -3809,6 +3819,7 @@
+ {
+ char *tem;
+
++ if (len<=0) len=0;
+ tem = xmalloc (len + 1);
+ memcpy (tem, start, len);
+ tem[len] = '\0';
+--- htanaly.cc.orig 2005-05-04 19:59:15.000000000 +1000
++++ htanaly.cc 2005-05-04 19:59:19.000000000 +1000
+@@ -1323,6 +1323,7 @@
+ if (!getCurrentAddress(&c)) break;
+ b = analy->createAddress();
+ UINT bz = b->byteSize();
++ if (!bz) break;
+ byte *buf = (byte*)smalloc(bz);
+ if (analy->bufPtr(c, buf, bz) != bz) break;
+ b->getFromArray(buf);
+--- htcoff.cc.orig 2005-05-04 20:08:20.000000000 +1000
++++ htcoff.cc 2005-05-04 20:08:26.000000000 +1000
+@@ -168,12 +168,13 @@
+ h -= 4;
+
+ file->seek(h+os+24);
+- coff_shared->sections.sections=(COFF_SECTION_HEADER*)malloc(coff_shared->sections.section_count * sizeof *coff_shared->sections.sections);
+- file->read(coff_shared->sections.sections, coff_shared->sections.section_count*sizeof *coff_shared->sections.sections);
+- for (UINT i=0; i<coff_shared->sections.section_count; i++) {
+- create_host_struct(&coff_shared->sections.sections[i], COFF_SECTION_HEADER_struct, end);
+- }
+-
++ if (coff_shared->sections.section_count) {
++ coff_shared->sections.sections=(COFF_SECTION_HEADER*)malloc(coff_shared->sections.section_count * sizeof *coff_shared->sections.sections);
++ file->read(coff_shared->sections.sections, coff_shared->sections.section_count*sizeof *coff_shared->sections.sections);
++ for (UINT i=0; i<coff_shared->sections.section_count; i++) {
++ create_host_struct(&coff_shared->sections.sections[i], COFF_SECTION_HEADER_struct, end);
++ }
++ } /* CHECK - sufficient */
+ shared_data = coff_shared;
+
+ ht_format_group::init_ifs(ifs);
+--- htelf.cc.orig 2005-05-04 19:09:49.000000000 +1000
++++ htelf.cc 2005-05-04 20:15:19.000000000 +1000
+@@ -150,6 +150,7 @@
+ create_host_struct(&elf_shared->header32, ELF_HEADER32_struct, elf_shared->byte_order);
+ /* read section headers */
+ elf_shared->sheaders.count=elf_shared->header32.e_shnum;
++ if (!elf_shared->sheaders.count) throw new ht_msg_exception("Zero count for section headers");
+ elf_shared->sheaders.sheaders32=(ELF_SECTION_HEADER32*)malloc(elf_shared->sheaders.count*sizeof *elf_shared->sheaders.sheaders32);
+ if (file->seek(header_ofs+elf_shared->header32.e_shoff)) throw new ht_msg_exception("seek error");
+ if (file->read(elf_shared->sheaders.sheaders32, elf_shared->sheaders.count*sizeof *elf_shared->sheaders.sheaders32)
+@@ -162,6 +163,7 @@
+
+ /* read program headers */
+ elf_shared->pheaders.count=elf_shared->header32.e_phnum;
++ if (!elf_shared->pheaders.count) throw new ht_msg_exception("Zero count in program section headers");
+ elf_shared->pheaders.pheaders32=(ELF_PROGRAM_HEADER32*)malloc(elf_shared->pheaders.count*sizeof *elf_shared->pheaders.pheaders32);
+ if (file->seek(header_ofs+elf_shared->header32.e_phoff)) throw new ht_msg_exception("seek error");
+ if (file->read(elf_shared->pheaders.pheaders32, elf_shared->pheaders.count*sizeof *elf_shared->pheaders.pheaders32)
+@@ -197,6 +199,7 @@
+ create_host_struct(&elf_shared->header64, ELF_HEADER64_struct, elf_shared->byte_order);
+ /* read section headers */
+ elf_shared->sheaders.count=elf_shared->header64.e_shnum;
++ if (!elf_shared->sheaders.count) throw new ht_msg_exception("Zero count for section headers");
+ elf_shared->sheaders.sheaders64=(ELF_SECTION_HEADER64*)malloc(elf_shared->sheaders.count*sizeof *elf_shared->sheaders.sheaders64);
+ /* FIXME: 64-bit */
+ if (file->seek(header_ofs+elf_shared->header64.e_shoff.lo)) throw new ht_msg_exception("seek error");
+@@ -210,6 +213,7 @@
+
+ /* read program headers */
+ elf_shared->pheaders.count=elf_shared->header64.e_phnum;
++ if (!elf_shared->pheaders.count) throw new ht_msg_exception("Zero count in program section headers");
+ elf_shared->pheaders.pheaders64=(ELF_PROGRAM_HEADER64*)malloc(elf_shared->pheaders.count*sizeof *elf_shared->pheaders.pheaders64);
+ /* FIXME: 64-bit */
+ if (file->seek(header_ofs+elf_shared->header64.e_phoff.lo)) throw new ht_msg_exception("seek error");
+@@ -417,8 +421,11 @@
+ ht_elf_shared_data *elf_shared=(ht_elf_shared_data *)shared_data;
+
+ ELF_SECTION_HEADER32 *s=elf_shared->sheaders.sheaders32;
+-
+- elf_shared->shrelocs = (ht_elf_reloc_section32*)malloc(elf_shared->sheaders.count * sizeof (ht_elf_reloc_section32));
++ if (!elf_shared->sheaders.count) {
++ LOG("%s: ELF: segment header count is zero", file->get_filename());
++ } else {
++ elf_shared->shrelocs = (ht_elf_reloc_section32*)malloc(elf_shared->sheaders.count * sizeof (ht_elf_reloc_section32));
++ }
+
+ /* relocate sections */
+ for (uint i=0; i<elf_shared->sheaders.count; i++) {
+--- htpef.cc.orig 2005-05-04 20:38:57.000000000 +1000
++++ htpef.cc 2005-05-04 20:39:00.000000000 +1000
+@@ -99,16 +99,18 @@
+
+ /* read section headers */
+ pef_shared->sheaders.count = pef_shared->contHeader.sectionCount;
+- pef_shared->sheaders.sheaders = (PEF_SECTION_HEADER*)
+- malloc(pef_shared->sheaders.count*sizeof (PEF_SECTION_HEADER));
+- for (uint i=0; i<pef_shared->sheaders.count; i++) {
+- file->read(&pef_shared->sheaders.sheaders[i], sizeof pef_shared->sheaders.sheaders[i]);
+- create_host_struct(&pef_shared->sheaders.sheaders[i], PEF_SECTION_HEADER_struct, pef_shared->byte_order);
+- // FIXME: hack
+- pef_shared->sheaders.sheaders[i].defaultAddress = i*0x100000;
+- if (!pef_shared->loader_info_header_ofs
+- && pef_shared->sheaders.sheaders[i].sectionKind == PEF_SK_Loader) {
+- pef_shared->loader_info_header_ofs = pef_shared->sheaders.sheaders[i].containerOffset;
++ if (pef_shared->sheaders.count) {
++ pef_shared->sheaders.sheaders = (PEF_SECTION_HEADER*)
++ malloc(pef_shared->sheaders.count*sizeof (PEF_SECTION_HEADER));
++ for (uint i=0; i<pef_shared->sheaders.count; i++) {
++ file->read(&pef_shared->sheaders.sheaders[i], sizeof pef_shared->sheaders.sheaders[i]);
++ create_host_struct(&pef_shared->sheaders.sheaders[i], PEF_SECTION_HEADER_struct, pef_shared->byte_order);
++ // FIXME: hack
++ pef_shared->sheaders.sheaders[i].defaultAddress = i*0x100000;
++ if (!pef_shared->loader_info_header_ofs
++ && pef_shared->sheaders.sheaders[i].sectionKind == PEF_SK_Loader) {
++ pef_shared->loader_info_header_ofs = pef_shared->sheaders.sheaders[i].containerOffset;
++ }
+ }
+ }
+
+--- htpeimp.cc.orig 2005-05-04 20:41:43.000000000 +1000
++++ htpeimp.cc 2005-05-04 20:54:14.000000000 +1000
+@@ -174,19 +174,21 @@
+ PE_THUNK_DATA *thunk_table = NULL;
+ PE_THUNK_DATA_64 *thunk_table64 = NULL;
+ file->seek(thunk_ofs);
+- if (pe32) {
+- thunk_table=(PE_THUNK_DATA*)malloc(sizeof *thunk_table * thunk_count);
+- file->read(thunk_table, sizeof *thunk_table * thunk_count);
+- // FIXME: ?
+- for (UINT i=0; i<thunk_count; i++) {
+- create_host_struct(thunk_table+i, PE_THUNK_DATA_struct, little_endian);
+- }
+- } else {
+- thunk_table64=(PE_THUNK_DATA_64*)malloc(sizeof *thunk_table64 * thunk_count);
+- file->read(thunk_table64, sizeof *thunk_table64 * thunk_count);
+- // FIXME: ?
+- for (UINT i=0; i<thunk_count; i++) {
+- create_host_struct(thunk_table64+i, PE_THUNK_DATA_64_struct, little_endian);
++ if (thunk_count) {
++ if (pe32) {
++ thunk_table=(PE_THUNK_DATA*)malloc(sizeof *thunk_table * thunk_count);
++ file->read(thunk_table, sizeof *thunk_table * thunk_count);
++ // FIXME: ?
++ for (UINT i=0; i<thunk_count; i++) {
++ create_host_struct(thunk_table+i, PE_THUNK_DATA_struct, little_endian);
++ }
++ } else {
++ thunk_table64=(PE_THUNK_DATA_64*)malloc(sizeof *thunk_table64 * thunk_count);
++ file->read(thunk_table64, sizeof *thunk_table64 * thunk_count);
++ // FIXME: ?
++ for (UINT i=0; i<thunk_count; i++) {
++ create_host_struct(thunk_table64+i, PE_THUNK_DATA_64_struct, little_endian);
++ }
+ }
+ }
+ for (dword i=0; i<thunk_count; i++) {
diff --git a/app-editors/hteditor/hteditor-0.8.0-r1.ebuild b/app-editors/hteditor/hteditor-0.8.0-r1.ebuild
new file mode 100644
index 000000000000..76fafaff9ec9
--- /dev/null
+++ b/app-editors/hteditor/hteditor-0.8.0-r1.ebuild
@@ -0,0 +1,45 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-editors/hteditor/hteditor-0.8.0-r1.ebuild,v 1.1 2005/05/04 11:26:38 dragonheart Exp $
+
+inherit eutils
+
+DESCRIPTION="editor for executable files"
+HOMEPAGE="http://hte.sourceforge.net/"
+SRC_URI="mirror://sourceforge/hte/ht-${PV}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~ppc ~x86 ~amd64"
+IUSE=""
+
+RDEPEND="virtual/libc
+ virtual/x11
+ sys-libs/ncurses"
+DEPEND="${RDEPEND}
+ >=sys-devel/automake-1.4
+ sys-devel/autoconf
+ sys-devel/bison
+ sys-devel/flex"
+
+S="${WORKDIR}/ht-${PV/_/}"
+
+src_unpack() {
+ unpack ${A}
+ cd ${S}
+ epatch ${FILESDIR}/${P}-mallocboundcheck.patch
+}
+
+src_compile() {
+ econf || die
+ emake \
+ CFLAGS="${CFLAGS}" \
+ CXXFLAGS="${CXXFLAGS}" LDFLAGS="${LDFLAGS}" || die
+}
+
+src_install() {
+ make DESTDIR=${D} install || die
+ dodoc AUTHORS KNOWNBUGS TODO README
+ dohtml doc/ht.html
+ doinfo doc/*.info
+}