--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/psutils/patches/buffer_overflow.patch Fri Jan 17 17:43:13 2014 +0100
@@ -0,0 +1,127 @@
+The problem has been reported to [email protected] by mail but there was no
+response. For now it is safer to disable line wrapping than trying to fix
+various buffer overflows in the code.
+
+--- psutils/pserror.c 2014-01-23 15:47:09.375709690 +0100
++++ psutils/pserror.c 2014-01-23 15:46:57.742698912 +0100
+@@ -12,111 +12,31 @@
+ #include "patchlev.h"
+
+ #include <string.h>
++#include <stdio.h>
++#include <stdarg.h>
+
+ /* Message functions; there is a single are varargs functions for messages,
+ warnings, and errors sent to stderr. If called with the flags MESSAGE_EXIT
+ set, the routine does not return */
+-
+-#define MAX_MESSAGE 256 /* maximum formatted message length */
+-#define MAX_FORMAT 16 /* maximum format length */
+-#define MAX_COLUMN 78 /* maximum column to print upto */
+-
+ void message(int flags, char *format, ...)
+ {
+ va_list args ;
+- static column = 0 ; /* current screen column for message wrap */
+- char msgbuf[MAX_MESSAGE] ; /* buffer in which to put the message */
+- char *bufptr = msgbuf ; /* message buffer pointer */
+
+- if ( (flags & MESSAGE_NL) && column != 0 ) { /* new line if not already */
++ if ( flags & MESSAGE_NL ) { /* new line if not already */
+ putc('\n', stderr) ;
+- column = 0 ;
+ }
+-
++
+ if ( flags & MESSAGE_PROGRAM ) {
+- strcpy(bufptr, program) ;
+- bufptr += strlen(program) ;
+- *bufptr++ = ':' ;
+- *bufptr++ = ' ' ;
++ fprintf (stderr, "%s: ", program);
+ }
+
+ va_start(args, format) ;
+- if ( format != NULL ) {
+- char c ;
+- while ( (c = *format++) != '\0' ) {
+- if (c == '%') {
+- int done, longform, index ;
+- char fmtbuf[MAX_FORMAT] ;
+- longform = index = 0 ;
+- fmtbuf[index++] = c ;
+- do {
+- done = 1 ;
+- fmtbuf[index++] = c = *format++ ;
+- fmtbuf[index] = '\0' ;
+- switch (c) {
+- case '%':
+- *bufptr++ = '%' ;
+- case '\0':
+- break ;
+- case 'e': case 'E': case 'f': case 'g': case 'G':
+- {
+- double d = va_arg(args, double) ;
+- sprintf(bufptr, fmtbuf, d) ;
+- bufptr += strlen(bufptr) ;
+- }
+- break ;
+- case 'c': case 'd': case 'i': case 'o':
+- case 'p': case 'u': case 'x': case 'X':
+- if ( longform ) {
+- long l = va_arg(args, long) ;
+- sprintf(bufptr, fmtbuf, l) ;
+- } else {
+- int i = va_arg(args, int) ;
+- sprintf(bufptr, fmtbuf, i) ;
+- }
+- bufptr += strlen(bufptr) ;
+- break ;
+- case 's':
+- {
+- char *s = va_arg(args, char *) ;
+- sprintf(bufptr, fmtbuf, s) ;
+- bufptr += strlen(bufptr) ;
+- }
+- break ;
+- case 'l':
+- longform = 1 ;
+- /* FALLTHRU */
+- default:
+- done = 0 ;
+- }
+- } while ( !done ) ;
+- } else if ( c == '\n' ) { /* write out message so far and reset column */
+- int len = bufptr - msgbuf ; /* length of current message */
+- *bufptr++ = '\n' ;
+- *bufptr = '\0' ;
+- if ( column + len > MAX_COLUMN && column > 0 ) {
+- putc('\n', stderr) ;
+- column = 0 ;
+- }
+- fputs(bufptr = msgbuf, stderr) ;
+- column = 0 ;
+- } else
+- *bufptr++ = c ;
+- }
+- *bufptr = '\0' ;
+- {
+- int len = bufptr - msgbuf ; /* length of current message */
+- if ( column + len > MAX_COLUMN && column > 0 ) {
+- putc('\n', stderr) ;
+- column = 0 ;
+- }
+- fputs(msgbuf, stderr) ;
+- column += len ;
+- }
+- fflush(stderr) ;
+- }
++ if ( format != NULL )
++ vfprintf(stderr, format, args);
+ va_end(args) ;
+
++ fflush(stderr);
++
+ if ( flags & MESSAGE_EXIT ) /* don't return to program */
+ exit(1) ;
+ }