Bug#475733: (no subject)

Wed, 16 Apr 2008 12:47:02 -0700 

Hello,

  Thanks for the help. I have made a patch that would fix the possible 
  buffer overflows. Please check the attached patch.

On Mon, Apr 14, 2008 at 02:54:21PM +0200, Nico Golde wrote:
> Just saw it and I have to admit that I'm not really happy 
> with it. Please just let the code as it is now and used 
> snprintf instead with a length of sizeof(tmp). Please also 
> check the other buffers.
---end quoted text---

-- 
 أحمد المحمودي (Ahmed El-Mahmoudy)
  Digital design engineer
  SySDSoft, Inc.
 GPG KeyID: 0x9DCA0B27 (@ subkeys.pgp.net)
 GPG Fingerprint: 087D 3767 8CAC 65B1 8F6C  156E D325 C3C8 9DCA 0B27

Index: acon-1.0.5/acon.c
===================================================================
--- acon-1.0.5.orig/acon.c	2008-04-16 20:43:11.000000000 +0200
+++ acon-1.0.5/acon.c	2008-04-16 21:11:38.000000000 +0200
@@ -50,7 +50,7 @@
 
 		font[0]=translation[0]=keymap[0]=0;
 		if((env=getenv("HOME")))
-			sprintf(tmp,"%s/.acon.conf",env);
+			snprintf(tmp,300,"%s/.acon.conf",env);
 		else
 			strcpy(tmp,"/etc/acon.conf");
 		if((fp=fopen(tmp,"r"))==NULL)
Index: acon-1.0.5/arabicfont.c
===================================================================
--- acon-1.0.5.orig/arabicfont.c	2008-04-16 21:06:32.000000000 +0200
+++ acon-1.0.5/arabicfont.c	2008-04-16 21:11:28.000000000 +0200
@@ -613,7 +613,7 @@
 		y=16;	/*Only support 8x16 fonts now*/
 
 		if(path[0]!='/')
-			sprintf(tmp,"%s/fonts/%s",DATAPATH,path);
+			snprintf(tmp,300,"%s/fonts/%s",DATAPATH,path);
 		else
 			strcpy(tmp,path);
 		set_user_id();
@@ -699,12 +699,12 @@
 	if(path)
 	{
 		if(path[0]!='/')
-			sprintf(tmp,"loadkeys %s/keymaps/%s >& /dev/null",DATAPATH,path);
+			snprintf(tmp,300,"loadkeys %s/keymaps/%s >& /dev/null",DATAPATH,path);
 		else
-			sprintf(tmp,"loadkeys %s >& /dev/null",path);
+			snprintf(tmp,300,"loadkeys %s >& /dev/null",path);
 	}
 	else
-		sprintf(tmp,"loadkeys %s/keymaps/iso8859-6.map",DATAPATH);
+		snprintf(tmp,300,"loadkeys %s/keymaps/iso8859-6.map",DATAPATH);
 	
 	if(my_system(tmp))
 		printf("Error executing : %s \n",tmp);
@@ -743,7 +743,7 @@
 	}
 
 	if(path[0]!='/')
-		sprintf(tmp,"%s/translations/%s",DATAPATH,path);
+		snprintf(tmp,302,"%s/translations/%s",DATAPATH,path);
 	else
 		strcpy(tmp,path);
 	if((fp=fopen(tmp,"r"))==NULL)
Index: acon-1.0.5/child.c
===================================================================
--- acon-1.0.5.orig/child.c	2008-04-16 21:04:18.000000000 +0200
+++ acon-1.0.5/child.c	2008-04-16 21:11:53.000000000 +0200
@@ -101,7 +101,7 @@
 		printf("Acon: can't know HOME directory\n");
 		return;
 	}
-	sprintf(tmp,"%s/.acon.conf",env);
+	snprintf(tmp,300,"%s/.acon.conf",env);
 	if((fp=fopen(tmp,"w"))==NULL)
 	{
 		printf("Acon: can't save %s\n",tmp);

Reply via email to