Mercurial Mercurial > upstream > oracle > userland-gate / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/enscript/patches/enscript-CVE-2008-3863+CVE-2008-4306.patch
changeset 1132 a62391631ea1 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/enscript/patches/enscript-CVE-2008-3863+CVE-2008-4306.patch	Wed Jan 23 12:17:32 2013 -0800
@@ -0,0 +1,90 @@
+--- enscript-1.6.4/src/psgen.c
++++ enscript-1.6.4/src/psgen.c	2008-10-29 10:43:08.512598143 +0100
+@@ -24,6 +24,7 @@
+  * Boston, MA 02111-1307, USA.
+  */
+ 
++#include <limits.h>
+ #include "gsint.h"
+ 
+ /*
+@@ -124,7 +125,7 @@ struct gs_token_st
+ 	  double xscale;
+ 	  double yscale;
+ 	  int llx, lly, urx, ury; /* Bounding box. */
+-	  char filename[512];
++	  char filename[PATH_MAX];
+ 	  char *skipbuf;
+ 	  unsigned int skipbuf_len;
+ 	  unsigned int skipbuf_pos;
+@@ -135,11 +136,11 @@ struct gs_token_st
+       Color bgcolor;
+       struct
+ 	{
+-	  char name[512];
++	  char name[PATH_MAX];
+ 	  FontPoint size;
+ 	  InputEncoding encoding;
+ 	} font;
+-      char filename[512];
++      char filename[PATH_MAX];
+     } u;
+ };
+ 
+@@ -248,7 +249,7 @@ static int do_print = 1;
+ static int user_fontp = 0;
+ 
+ /* The user ^@font{}-defined font. */
+-static char user_font_name[256];
++static char user_font_name[PATH_MAX];
+ static FontPoint user_font_pt;
+ static InputEncoding user_font_encoding;
+ 
+@@ -978,7 +979,8 @@ large for page\n"),
+ 			FATAL ((stderr,
+ 				_("user font encoding can be only the system's default or `ps'")));
+ 
+-		      strcpy (user_font_name, token.u.font.name);
++		      memset  (user_font_name, 0, sizeof(user_font_name));
++		      strncpy (user_font_name, token.u.font.name, sizeof(user_font_name) - 1);
+ 		      user_font_pt.w = token.u.font.size.w;
+ 		      user_font_pt.h = token.u.font.size.h;
+ 		      user_font_encoding = token.u.font.encoding;
+@@ -1444,7 +1446,7 @@ read_special_escape (InputStream *is, To
+ 	  buf[i] = ch;
+ 	  if (i + 1 >= sizeof (buf))
+ 	    FATAL ((stderr, _("too long argument for %s escape:\n%.*s"),
+-		    escapes[i].name, i, buf));
++		    escapes[e].name, i, buf));
+ 	}
+       buf[i] = '\0';
+ 
+@@ -1452,7 +1454,8 @@ read_special_escape (InputStream *is, To
+       switch (escapes[e].escape)
+ 	{
+ 	case ESC_FONT:
+-	  strcpy (token->u.font.name, buf);
++	  memset  (token->u.font.name, 0, sizeof(token->u.font.name));
++	  strncpy (token->u.font.name, buf, sizeof(token->u.font.name) - 1);
+ 
+ 	  /* Check for the default font. */
+ 	  if (strcmp (token->u.font.name, "default") == 0)
+@@ -1465,7 +1468,8 @@ read_special_escape (InputStream *is, To
+ 		FATAL ((stderr, _("malformed font spec for ^@font escape: %s"),
+ 			token->u.font.name));
+ 
+-	      strcpy (token->u.font.name, cp);
++	      memset  (token->u.font.name, 0, sizeof(token->u.font.name));
++	      strncpy (token->u.font.name, cp, sizeof(token->u.font.name) - 1);
+ 	      xfree (cp);
+ 	    }
+ 	  token->type = tFONT;
+@@ -1544,7 +1548,8 @@ read_special_escape (InputStream *is, To
+ 	  break;
+ 
+ 	case ESC_SETFILENAME:
+-	  strcpy (token->u.filename, buf);
++	  memset  (token->u.filename, 0, sizeof(token->u.font.name));
++	  strncpy (token->u.filename, buf, sizeof(token->u.filename) - 1);
+ 	  token->type = tSETFILENAME;
+ 	  break;
upstream/oracle/userland-gate