Mercurial Mercurial > upstream > oracle > userland-gate / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/a2ps/patches/12_fix-format-security.patch
author zihao.zhu@oracle.com <zihao.zhu@oracle.com>
Mon, 17 Oct 2016 09:22:53 -0700
changeset 7116 24e5d18aa27c
parent 6897 95d141a9085b
permissions -rw-r--r--
23606339 openldap role audit class not set to "cusa"

(Part of this patch was the .../a2ps/patches/22564022.patch file).

This patch has been taken from community and it addresses format string
vulnerabilities in a2ps component.

Original link:
http://www.openwall.com/lists/oss-security/2015/11/16/4

This turned into CVE-2015-8107:

See:

  http://seclists.org/oss-sec/2015/q4/284
  https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-8107

for more information.

Index: b/lib/psgen.c
===================================================================
--- a/lib/psgen.c
+++ b/lib/psgen.c
@@ -232,7 +232,7 @@
     default:
       *buf = '\0';
       ps_escape_char (job, cp[i], buf);
-      output (jdiv, (char *) buf);
+      output (jdiv, "%s", (char *) buf);
       break;
     }
   }
Index: b/lib/output.c
===================================================================
--- a/lib/output.c
+++ b/lib/output.c
@@ -525,7 +525,7 @@
 		     expand_user_string (job, FIRST_FILE (job),
 					 (const uchar *) "Expand: requirement",
 					 (const uchar *) token));
-	output (dest, expansion);
+	output (dest, "%s", expansion);
 	continue;
       }
 
Index: b/lib/parseppd.y
===================================================================
--- a/lib/parseppd.y
+++ b/lib/parseppd.y
@@ -154,7 +154,7 @@
 void
 yyerror (const char *msg)
 {
-  error_at_line (1, 0, ppdfilename, ppdlineno, msg);
+  error_at_line (1, 0, ppdfilename, ppdlineno, "%s", msg);
 }
 
 /*
Index: b/src/parsessh.y
===================================================================
--- a/src/parsessh.y
+++ b/src/parsessh.y
@@ -740,7 +740,7 @@
 void
 yyerror (const char *msg)
 {
-  error_at_line (1, 0, sshfilename, sshlineno, msg);
+  error_at_line (1, 0, sshfilename, sshlineno, "%s", msg);
 }
 
 /*
Index: b/lib/parseppd.c
===================================================================
--- a/lib/parseppd.c
+++ b/lib/parseppd.c
@@ -1707,7 +1707,7 @@
 void
 yyerror (const char *msg)
 {
-  error_at_line (1, 0, ppdfilename, ppdlineno, msg);
+  error_at_line (1, 0, ppdfilename, ppdlineno, "%s", msg);
 }
 
 /*
Index: b/src/parsessh.c
===================================================================
--- a/src/parsessh.c
+++ b/src/parsessh.c
@@ -2639,7 +2639,7 @@
 void
 yyerror (const char *msg)
 {
-  error_at_line (1, 0, sshfilename, sshlineno, msg);
+  error_at_line (1, 0, sshfilename, sshlineno, "%s", msg);
 }
 
 /*
upstream/oracle/userland-gate