Hello community, here is the log from the commit of package libgtop checked in at Sat Jan 20 11:45:15 CET 2007. -------- --- GNOME/libgtop/libgtop.changes 2007-01-08 18:27:21.000000000 +0100 +++ /mounts/work_src_done/STABLE/libgtop/libgtop.changes 2007-01-19 19:31:06.980538000 +0100 @@ -1,0 +2,5 @@ +Fri Jan 19 12:30:57 CST 2007 - maw@suse.de + +- Add libgtop-buffer-overflow.patch (#235086 and CVE-2007-0235). + +------------------------------------------------------------------- New: ---- libgtop-buffer-overflow.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libgtop.spec ++++++ --- /var/tmp/diff_new_pack.a18696/_old 2007-01-20 11:45:00.000000000 +0100 +++ /var/tmp/diff_new_pack.a18696/_new 2007-01-20 11:45:00.000000000 +0100 @@ -16,10 +16,11 @@ Provides: libgtop2 Obsoletes: libgtop2 Version: 2.14.4 -Release: 26 +Release: 28 Summary: LibGTop Library Source0: ftp://ftp.gnome.org/pub/GNOME/stable/sources/libgtop/2.14/%{name}-%{version}.tar.bz2 -Patch: libgtop-resident-field-fix.patch +Patch0: libgtop-resident-field-fix.patch +Patch1: libgtop-buffer-overflow.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build Autoreqprov: on PreReq: %install_info_prereq @@ -104,6 +105,8 @@ %{_libdir}/pkgconfig/*.pc %changelog -n libgtop +* Fri Jan 19 2007 - maw@suse.de +- Add libgtop-buffer-overflow.patch (#235086 and CVE-2007-0235). * Mon Jan 08 2007 - sbrabec@suse.cz - Spec file cleanup. * Mon Jan 08 2007 - ro@suse.de ++++++ libgtop-buffer-overflow.patch ++++++ Index: sysdeps/linux/procmap.c =================================================================== --- sysdeps/linux/procmap.c (révision 2544) +++ sysdeps/linux/procmap.c (copie de travail) 
@@ -38,7 +38,7 @@ #define SMAPS_FILE "/proc/%u/smaps" -#define PROC_MAPS_FORMAT "%16llx-%16llx %4c %16llx %02hx:%02hx %llu%*[ ]%[^\n]\n" +#define PROC_MAPS_FORMAT "%16llx-%16llx %4c %16llx %02hx:%02hx %llu%*[ ]%n" static const unsigned long _glibtop_sysdeps_proc_map = @@ -132,6 +132,8 @@ FILE *maps; const char *filename; gboolean has_smaps; + char *line = NULL; + size_t line_size = 0; glibtop_init_s (&server, GLIBTOP_SYSDEPS_PROC_MAP, 0); @@ -152,33 +154,30 @@ while(TRUE) { - char line[1024]; - unsigned long perm = 0; - int rv; guint len; + int line_end; unsigned short dev_major, dev_minor; guint64 start, end, offset, inode; char flags[4]; - char filename [GLIBTOP_MAP_FILENAME_LEN+1]; + char *filename; glibtop_map_entry *entry; - if (!fgets(line, sizeof line, maps)) + if (getline(&line, &line_size, maps) == -1) break; /* 8 arguments */ - rv = sscanf(line, PROC_MAPS_FORMAT, - &start, &end, flags, &offset, - &dev_major, &dev_minor, &inode, filename); + if (sscanf(line, PROC_MAPS_FORMAT, + &start, &end, flags, &offset, + &dev_major, &dev_minor, &inode, &line_end) == EOF) + break; - if(rv == EOF || rv < 7) - break; + g_assert(line_end < line_size); + filename = line + line_end; + g_strstrip(filename); - if(rv == 7) /* no filename */ - filename[0] = '\0'; - /* Compute access permissions. */ if (flags [0] == 'r') @@ -217,6 +216,7 @@ } + free(line); fclose (maps); buf->flags = _glibtop_sysdeps_proc_map; Index: sysdeps/linux/procopenfiles.c =================================================================== --- sysdeps/linux/procopenfiles.c (révision 2544) +++ sysdeps/linux/procopenfiles.c (copie de travail) @@ -58,7 +58,8 @@ parse_file(const char *filename, LineParser parser, GHashTable *dict) { FILE *f; - char line[1024]; + char *line = NULL; + size_t size = 0; f = fopen(filename, "r"); 
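Review bot: `line_end` can be read uninitialised in the `@@ -152,33 +154,30 @@` hunk, because the new test only breaks on `EOF` where the old one also broke on `rv < 7`, and `%n` is never stored when an earlier directive (including the `%*[ ]` just before it) fails to match. A short or malformed line then reaches `filename = line + line_end` with whatever was on the stack, and `g_assert(line_end < line_size)` is not a dependable guard: it compares a signed int against the getline buffer capacity rather than the line length, aborts the calling process when it fires, and disappears under `G_DISABLE_ASSERT`. I would declare `int line_end = -1;` and test `if (sscanf(...) != 7 || line_end < 0) break;`, since `%n` does not add to the return count. `filename` is also no longer capped at `GLIBTOP_MAP_FILENAME_LEN`, so the copy into the entry, which is outside this hunk, has to be bounded by the destination size. The loop body starts and ends outside the hunk.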
@@ -67,15 +68,16 @@ return; } + /* skip the first line */ - if(!fgets(line, sizeof line, f)) goto eof; + if (getline(&line, &size, f) == -1) + goto eof; - while(fgets(line, sizeof line, f)) - { + while (getline(&line, &size, f) != -1) parser(dict, line); - } eof: + free(line); fclose(f); } ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
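Review bot: Both `getline` calls in `parse_file` (declared in the `@@ -58,7 +58,8 @@` hunk) treat `-1` as end of file, but `getline` also returns `-1` on a read or allocation failure, so an error midway now produces a silently shortened result. I would tell the two apart at the `eof:` label, for example `if (!feof(f)) g_warning("failed reading %s", filename);` before `fclose(f)`. Each `line` passed to `parser` can now be longer than the old 1024-byte chunks, so any fixed-size buffers inside the parser callbacks, which are not visible here, should be checked against that. The procmap.c loop uses the same `== -1` test and has the same ambiguity.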