diff --git a/cscope-15.6-incdir-overflow.patch b/cscope-15.6-incdir-overflow.patch new file mode 100644 index 0000000..a2aae49 --- /dev/null +++ b/cscope-15.6-incdir-overflow.patch @@ -0,0 +1,99 @@ +diff -pruN cscope-15.6.orig/src/dir.c cscope-15.6/src/dir.c +--- cscope-15.6.orig/src/dir.c 2006-09-30 10:13:00.000000000 +0200 ++++ cscope-15.6/src/dir.c 2009-06-12 16:56:33.000000000 +0200 +@@ -129,7 +129,6 @@ sourcedir(char *dirlist) + /* parse the directory list */ + dir = strtok(dirlist, DIRSEPS); + while (dir != NULL) { +- int dir_len = strlen(dir); + + addsrcdir(dir); + +@@ -139,8 +138,7 @@ sourcedir(char *dirlist) + + /* compute its path from higher view path source dirs */ + for (i = 1; i < nvpsrcdirs; ++i) { +- sprintf(path, "%.*s/%s", +- PATHLEN - 2 - dir_len, ++ snprintf(path, PATHLEN, "%s/%s", + srcdirs[i], dir); + addsrcdir(path); + } +@@ -197,7 +195,6 @@ includedir(char *dirlist) + /* parse the directory list */ + dir = strtok(dirlist, DIRSEPS); + while (dir != NULL) { +- size_t dir_len = strlen(dir); + + addincdir(dir, dir); + +@@ -207,8 +204,7 @@ includedir(char *dirlist) + + /* compute its path from higher view path source dirs */ + for (i = 1; i < nvpsrcdirs; ++i) { +- sprintf(path, "%.*s/%s", +- PATHLEN - 2 - dir_len, ++ snprintf(path, PATHLEN, "%s/%s", + srcdirs[i], dir); + addincdir(dir, path); + } +@@ -480,9 +476,6 @@ static void + scan_dir(const char *adir, BOOL recurse_dir) + { + DIR *dirfile; +- int adir_len = strlen(adir); +- +- /* FIXME: no guards against adir_len > PATHLEN, yet */ + + if ((dirfile = opendir(adir)) != NULL) { + struct dirent *entry; +@@ -494,8 +487,7 @@ scan_dir(const char *adir, BOOL recurse_ + && (strcmp("..",entry->d_name) != 0)) { + struct stat buf; + +- sprintf(path,"%s/%.*s", adir, +- PATHLEN - 2 - adir_len, ++ snprintf(path, PATHLEN, "%s/%s", adir, + entry->d_name); + + if (lstat(path,&buf) == 0) { +@@ -599,20 +591,19 @@ incfile(char *file, char *type) + if (type[0] == '"' && (s = inviewpath(file)) != NULL) { + addsrcfile(s); + } else { +- size_t file_len = strlen(file); + + /* search for the file in the #include directory list */ + for (i = 0; i < nincdirs; ++i) { + /* don't include the file from two directories */ +- sprintf(name, "%.*s/%s", +- PATHLEN - 2 - file_len, incnames[i], ++ snprintf(name, PATHLEN, "%s/%s", ++ incnames[i], + file); + if (infilelist(name) == YES) { + break; + } + /* make sure it exists and is readable */ +- sprintf(path, "%.*s/%s", +- PATHLEN - 2 - file_len, incdirs[i], ++ snprintf(path, PATHLEN, "%s/%s", ++ incdirs[i], + file); + if (access(compath(path), READ) == 0) { + addsrcfile(path); +@@ -655,12 +646,11 @@ inviewpath(char *file) + /* if it isn't a full path name and there is a multi-directory + * view path */ + if (*file != '/' && vpndirs > 1) { +- int file_len = strlen(file); + + /* compute its path from higher view path source dirs */ + for (i = 1; i < nvpsrcdirs; ++i) { +- sprintf(path, "%.*s/%s", +- PATHLEN - 2 - file_len, srcdirs[i], ++ snprintf(path, PATHLEN, "%s/%s", ++ srcdirs[i], + file); + if (access(compath(path), READ) == 0) { + return(path); diff --git a/cscope.spec b/cscope.spec index 2d32bec..821f0a9 100644 --- a/cscope.spec +++ b/cscope.spec @@ -1,7 +1,7 @@ Summary: C source code tree search and browse tool Name: cscope Version: 15.6 -Release: 3%{?dist} +Release: 4%{?dist} Source0: http://unc.dl.sourceforge.net/sourceforge/cscope/cscope-15.6.tar.gz URL: http://cscope.sourceforge.net License: BSD @@ -18,6 +18,7 @@ Patch1:cscope-15.6-ocs.patch Patch2:cscope-15.6-xcscope-man.patch Patch3:cscope-15.6-sigwinch-linemode.patch Patch4:cscope-15.6-qrebuild.patch +Patch5:cscope-15.6-incdir-overflow.patch %description cscope is a mature, ncurses based, C source code tree browsing tool. It @@ -33,6 +34,7 @@ matches for use in file editing. %patch2 -p1 %patch3 -p1 %patch4 -p1 +%patch5 -p1 %build %configure @@ -81,6 +83,9 @@ rm -f %{xemacs_lisp_path}/xcscope.el rm -f %{emacs_lisp_path}/xcscope.el %changelog +* Fri Jun 12 2009 Neil Horman +- Fix some buffer overflows (bz 505605) + * Tue Feb 24 2009 Fedora Release Engineering - 15.6-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild