On Wed, 2008-11-19 at 23:29 +0100, Moritz Muehlenhoff wrote: > I'm attaching a patch by Werner Fink of SuSE covering these > issues.
How does this debdiff look? -- Tim Retout <[EMAIL PROTECTED]>
diff -u enscript-1.6.4/debian/patches/series enscript-1.6.4/debian/patches/series
--- enscript-1.6.4/debian/patches/series
+++ enscript-1.6.4/debian/patches/series
@@ -24,0 +25 @@
+506261-buffer-overflows
diff -u enscript-1.6.4/debian/changelog enscript-1.6.4/debian/changelog
--- enscript-1.6.4/debian/changelog
+++ enscript-1.6.4/debian/changelog
@@ -1,3 +1,11 @@
+enscript (1.6.4-13) unstable; urgency=high
+
+ * debian/patches/506261-buffer-overflows: New patch by Werner Fink to fix
+ buffer overflows. (Closes: #506261)
+ * Urgency set to "high" for RC security bugfix.
+
+ -- Tim Retout <[EMAIL PROTECTED]> Wed, 19 Nov 2008 22:45:35 +0000
+
enscript (1.6.4-12) unstable; urgency=low
* New maintainer. (Closes: #413482)
only in patch2:
unchanged:
--- enscript-1.6.4.orig/debian/patches/506261-buffer-overflows
+++ enscript-1.6.4/debian/patches/506261-buffer-overflows
@@ -0,0 +1,96 @@
+Patch by Werner Fink. See Debian bug #506261.
+
+
+Index: enscript-1.6.4/src/psgen.c
+===================================================================
+--- enscript-1.6.4.orig/src/psgen.c 2008-11-19 22:49:31.000000000 +0000
++++ enscript-1.6.4/src/psgen.c 2008-11-19 22:49:36.000000000 +0000
+@@ -24,6 +24,7 @@
+ * Boston, MA 02111-1307, USA.
+ */
+
++#include <limits.h>
+ #include "gsint.h"
+
+ /*
+@@ -124,7 +125,7 @@
+ double xscale;
+ double yscale;
+ int llx, lly, urx, ury; /* Bounding box. */
+- char filename[512];
++ char filename[PATH_MAX];
+ char *skipbuf;
+ unsigned int skipbuf_len;
+ unsigned int skipbuf_pos;
+@@ -135,11 +136,11 @@
+ Color bgcolor;
+ struct
+ {
+- char name[512];
++ char name[PATH_MAX];
+ FontPoint size;
+ InputEncoding encoding;
+ } font;
+- char filename[512];
++ char filename[PATH_MAX];
+ } u;
+ };
+
+@@ -248,7 +249,7 @@
+ static int user_fontp = 0;
+
+ /* The user [EMAIL PROTECTED] font. */
+-static char user_font_name[256];
++static char user_font_name[PATH_MAX];
+ static FontPoint user_font_pt;
+ static InputEncoding user_font_encoding;
+
+@@ -978,7 +979,8 @@
+ FATAL ((stderr,
+ _("user font encoding can be only the system's default or `ps'")));
+
+- strcpy (user_font_name, token.u.font.name);
++ memset (user_font_name, 0, sizeof(user_font_name));
++ strncpy (user_font_name, token.u.font.name, sizeof(user_font_name) - 1);
+ user_font_pt.w = token.u.font.size.w;
+ user_font_pt.h = token.u.font.size.h;
+ user_font_encoding = token.u.font.encoding;
+@@ -1444,7 +1446,7 @@
+ buf[i] = ch;
+ if (i + 1 >= sizeof (buf))
+ FATAL ((stderr, _("too long argument for %s escape:\n%.*s"),
+- escapes[i].name, i, buf));
++ escapes[e].name, i, buf));
+ }
+ buf[i] = '\0';
+
+@@ -1452,7 +1454,8 @@
+ switch (escapes[e].escape)
+ {
+ case ESC_FONT:
+- strcpy (token->u.font.name, buf);
++ memset (token->u.font.name, 0, sizeof(token->u.font.name));
++ strncpy (token->u.font.name, buf, sizeof(token->u.font.name) - 1);
+
+ /* Check for the default font. */
+ if (strcmp (token->u.font.name, "default") == 0)
+@@ -1465,7 +1468,8 @@
+ FATAL ((stderr, _("malformed font spec for [EMAIL PROTECTED] escape: %s"),
+ token->u.font.name));
+
+- strcpy (token->u.font.name, cp);
++ memset (token->u.font.name, 0, sizeof(token->u.font.name));
++ strncpy (token->u.font.name, cp, sizeof(token->u.font.name) - 1);
+ xfree (cp);
+ }
+ token->type = tFONT;
+@@ -1544,7 +1548,8 @@
+ break;
+
+ case ESC_SETFILENAME:
+- strcpy (token->u.filename, buf);
++ memset (token->u.filename, 0, sizeof(token->u.font.name));
++ strncpy (token->u.filename, buf, sizeof(token->u.filename) - 1);
+ token->type = tSETFILENAME;
+ break;
+
signature.asc
Description: This is a digitally signed message part
