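#! /bin/sh -e
## 17_security-sprintf.dpatch
##
## DP: Description: Fix unsafe sprintf usage. (#332524)
## DP: Author: James Troup <james@nocrew.org>
## DP: Upstream status: Not submitted
## DP: URL: http://msgs.securepoint.com/cgi-bin/get/bugtraq0510/57.html
## DP: Date: 2005-10-07

# Self-applying patch: the script feeds its own file ($0) to patch(1), which
# picks the unified diff out of the text after the @DPATCH@ marker. The shell
# never reaches that text, because the script exits before it.
#
# Usage: <this file> -patch | -unpatch

# Print the usage error on stderr and fail.
usage() {
    # "$0" is quoted so that a path containing whitespace is reported intact.
    echo >&2 "$(basename "$0"): script expects -patch|-unpatch as argument"
    exit 1
}

if [ $# -ne 1 ]; then
    usage
fi

case "$1" in
    # -f: never prompt; -p1: strip the leading path component of each file
    # name; -R: apply the diff in reverse. "$0" is quoted so the redirection
    # still works when the script path contains whitespace.
    -patch)   patch -f --no-backup-if-mismatch -p1 < "$0";;
    -unpatch) patch -f --no-backup-if-mismatch -R -p1 < "$0";;
    *)        usage;;
esac

exit 0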
@DPATCH@
diff -urNad --exclude=CVS --exclude=.svn ./mcidas.c /tmp/dpep-work.5qsW5w/xloadimage-4.1/mcidas.c
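--- a/mcidas.c
+++ b/mcidas.c
@@ -63,7 +63,7 @@
 minute = (time % 10000) / 100;
 second = (time % 100);
 
- sprintf(buf, "%d:%2.2d:%2.2d %s %d, %d (day %d)",
+ snprintf(buf, 29, "%d:%2.2d:%2.2d %s %d, %d (day %d)",
 hour, minute, second, month_info[month].name, day, year,
 (date % 1000));
 return(buf);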
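Review bot: The bound passed to snprintf() here is the bare literal `29`, and the declaration of `buf` is outside the hunk, so nothing visible ties the limit to the buffer's real size. Assuming `buf` is an array in this scope, `snprintf(buf, sizeof(buf), "%d:%2.2d:%2.2d %s %d, %d (day %d)",` keeps the two in step. A 28-character limit also looks too short for this format (a time, a month name, day, year and "(day NNN)" would normally exceed it), so the returned date string is probably truncated; enlarging `buf` would fix the overflow without losing output. The same magic-number bound appears as `31` in both tiff.c calls and as `snprintf(def_geom, 29, ...)` in window.c, where `char def_geom[30]` is visible and `sizeof(def_geom)` is the direct replacement.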
diff -urNad --exclude=CVS --exclude=.svn ./reduce.c /tmp/dpep-work.5qsW5w/xloadimage-4.1/reduce.c
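--- a/reduce.c
+++ b/reduce.c
@@ -501,7 +501,7 @@
 
 depth= colorsToDepth(n);
 new_image= newRGBImage(image->width, image->height, depth);
- sprintf(buf, "%s (%d colors)", image->title, n);
+ snprintf(buf, BUFSIZ - 1, "%s (%d colors)", image->title, n);
 new_image->title= dupString(buf);
 
 /* calculate RGB table from each color area. this should really calculate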
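Review bot: `BUFSIZ - 1` assumes `buf` is declared as `char buf[BUFSIZ]`, which this hunk does not show; if the array is smaller the overflow remains. snprintf() already counts the terminating NUL inside its size argument, so the `- 1` only gives up one usable byte. `snprintf(buf, sizeof(buf), "%s (%d colors)", image->title, n);` would bind the limit to the actual array, provided `buf` is an array and not a pointer here. A long title is now cut off silently, which is fine for a display string but deserves a one-line comment such as `/* title may be truncated to fit buf */`. The rotate.c call and the four zoom.c calls use the same `BUFSIZ - 1` bound and want the same change.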
diff -urNad --exclude=CVS --exclude=.svn ./rotate.c /tmp/dpep-work.5qsW5w/xloadimage-4.1/rotate.c
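--- a/rotate.c
+++ b/rotate.c
@@ -70,7 +70,7 @@
 { printf(" Rotating image by %d degrees...", degrees);
 fflush(stdout);
 }
- sprintf(buf, "%s (rotated by %d degrees)", simage->title, degrees);
+ snprintf(buf, BUFSIZ - 1, "%s (rotated by %d degrees)", simage->title, degrees);
 
 image1 = simage;
 image2 = NULL;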
diff -urNad --exclude=CVS --exclude=.svn ./tiff.c /tmp/dpep-work.5qsW5w/xloadimage-4.1/tiff.c
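--- a/tiff.c
+++ b/tiff.c
@@ -125,14 +125,14 @@
 switch (info->photometric) {
 case PHOTOMETRIC_MINISBLACK:
 if (info->bitspersample > 1) {
- sprintf(buf, "%d-bit greyscale ", info->bitspersample);
+ snprintf(buf, 31, "%d-bit greyscale ", info->bitspersample);
 return(buf);
 }
 else
 return "white-on-black ";
 case PHOTOMETRIC_MINISWHITE:
 if (info->bitspersample > 1) {
- sprintf(buf, "%d-bit greyscale ", info->bitspersample);
+ snprintf(buf, 31, "%d-bit greyscale ", info->bitspersample);
 return(buf);
 }
 else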
diff -urNad --exclude=CVS --exclude=.svn ./window.c /tmp/dpep-work.5qsW5w/xloadimage-4.1/window.c
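--- a/window.c
+++ b/window.c
@@ -602,7 +602,7 @@
 else {
 char def_geom[30];
 
- sprintf(def_geom, "%ux%u+0+0", image->width, image->height);
+ snprintf(def_geom, 29, "%ux%u+0+0", image->width, image->height);
 XGeometry(disp, scrn, opt->info.geometry.string, def_geom, 0, 1, 1, 0, 0,
 (int *)&winx, (int *)&winy, (int *)&winwidth, (int *)&winheight);
 }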
diff -urNad --exclude=CVS --exclude=.svn ./zio.c /tmp/dpep-work.5qsW5w/xloadimage-4.1/zio.c
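--- a/zio.c
+++ b/zio.c
@@ -232,7 +232,7 @@
 strcpy (s, "'");
 debug(("Filtering image through '%s'\n", filter->filter));
 zf->type= ZPIPE;
- sprintf(buf, "%s %s", filter->filter, fname);
+ snprintf(buf, BUFSIZ - 1, "%s %s", filter->filter, fname);
 lfree (fname);
 if (! (zf->stream= popen(buf, "r"))) {
 lfree((byte *)zf->filename);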
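Review bot: The string built by this snprintf() is passed to popen() two lines later, so a silently truncated result is run as a shell command. Truncation can cut off the end of the file name, including the closing quote that the code above the hunk appears to append (only `strcpy (s, "'")` is visible), and the shell would then parse something other than what was intended. The return value should be checked and the open abandoned on truncation, for example `n = snprintf(buf, sizeof(buf), "%s %s", filter->filter, fname);` followed by `if (n < 0 || (size_t)n >= sizeof(buf))` leading into the function's existing failure path. The declaration of `buf` and that failure path lie outside the hunk, so the size expression and the cleanup (including `lfree (fname)`) need confirming against the full function.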
diff -urNad --exclude=CVS --exclude=.svn ./zoom.c /tmp/dpep-work.5qsW5w/xloadimage-4.1/zoom.c
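--- a/zoom.c
+++ b/zoom.c
@@ -63,23 +63,23 @@
 if (!xzoom) {
 if (verbose)
 printf(" Zooming image Y axis by %d%%...", yzoom);
- sprintf(buf, "%s (Y zoom %d%%)", oimage->title, yzoom);
+ snprintf(buf, BUFSIZ - 1, "%s (Y zoom %d%%)", oimage->title, yzoom);
 }
 else if (!yzoom) {
 if (verbose)
 printf(" Zooming image X axis by %d%%...", xzoom);
- sprintf(buf, "%s (X zoom %d%%)", oimage->title, xzoom);
+ snprintf(buf, BUFSIZ - 1, "%s (X zoom %d%%)", oimage->title, xzoom);
 }
 else if (xzoom == yzoom) {
 if (verbose)
 printf(" Zooming image by %d%%...", xzoom);
- sprintf(buf, "%s (%d%% zoom)", oimage->title, xzoom);
+ snprintf(buf, BUFSIZ - 1, "%s (%d%% zoom)", oimage->title, xzoom);
 }
 else {
 if (verbose)
 printf(" Zooming image X axis by %d%% and Y axis by %d%%...",
 xzoom, yzoom);
- sprintf(buf, "%s (X zoom %d%% Y zoom %d%%)", oimage->title,
+ snprintf(buf, BUFSIZ - 1, "%s (X zoom %d%% Y zoom %d%%)", oimage->title,
 xzoom, yzoom);
 }
 if (verbose)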