ohnobinki_overlay Files · app-text/tetex/files/tetex-3.0_p1-CVE-2007-0650.patch

Files @ 3b9c9177a50b

Branch filter:

Location: ohnobinki_overlay/app-text/tetex/files/tetex-3.0_p1-CVE-2007-0650.patch - annotation

3b9c9177a50b 2.6 KiB text/x-diff Show Source Show as Raw Download as Raw

binki

dev-embedded/phidget: Removed old versions and patch, fixed ebuild syntax, commented on each patch's function.

5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73
5a1af5749a73

--- tetex-src-3.0/texk/makeindexk/mkind.c.CVE-2007-0650	2002-10-02 14:26:37.000000000 +0200
+++ tetex-src-3.0/texk/makeindexk/mkind.c	2007-02-02 12:29:31.000000000 +0100
@@ -179,7 +179,9 @@
 		    argc--;
 		    if (argc <= 0)
 			FATAL("Expected -p <num>\n","");
-		    strcpy(pageno, *++argv);
+		    if (strlen(*++argv) >= sizeof(pageno))
+			FATAL("Page number too high\n","");
+		    strcpy(pageno, *argv);
 		    init_page = TRUE;
 		    if (STREQ(pageno, EVEN)) {
 			log_given = TRUE;
@@ -230,7 +232,7 @@
 		char tmp[STRING_MAX + 5];
 		
 		/* base set by last call to check_idx */
-		sprintf (tmp, "%s%s", base, INDEX_STY);
+		snprintf (tmp, sizeof(tmp), "%s%s", base, INDEX_STY);
 		if (0 == access(tmp, R_OK)) {
 			open_sty (tmp);
 			sty_given = TRUE;
@@ -405,9 +407,9 @@
 		    STRING_MAX,totmem);
 #endif /* DEBUG */
 
-	    if ((idx_fn = (char *) malloc(STRING_MAX)) == NULL)
+	    if ((idx_fn = (char *) malloc(STRING_MAX+5)) == NULL)
 		FATAL("Not enough core...abort.\n", "");
-	    sprintf(idx_fn, "%s%s", base, INDEX_IDX);
+	    snprintf(idx_fn, STRING_MAX+5, "%s%s", base, INDEX_IDX);
 	    if ((open_fn && 
 	 ((idx_fp = OPEN_IN(idx_fn)) == NULL)
 	) ||
@@ -434,7 +436,7 @@
 
     /* index output file */
     if (!ind_given) {
-	sprintf(ind, "%s%s", base, INDEX_IND);
+	snprintf(ind, sizeof(ind), "%s%s", base, INDEX_IND);
 	ind_fn = ind;
     }
     if ((ind_fp = OPEN_OUT(ind_fn)) == NULL)
@@ -442,14 +444,14 @@
 
     /* index transcript file */
     if (!ilg_given) {
-	sprintf(ilg, "%s%s", base, INDEX_ILG);
+	snprintf(ilg, sizeof(ilg), "%s%s", base, INDEX_ILG);
 	ilg_fn = ilg;
     }
     if ((ilg_fp = OPEN_OUT(ilg_fn)) == NULL)
 	FATAL("Can't create transcript file %s.\n", ilg_fn);
 
     if (log_given) {
-	sprintf(log_fn, "%s%s", base, INDEX_LOG);
+	snprintf(log_fn, sizeof(log_fn), "%s%s", base, INDEX_LOG);
 	if ((log_fp = OPEN_IN(log_fn)) == NULL) {
 	    FATAL("Source log file %s not found.\n", log_fn);
 	} else {
@@ -505,6 +507,9 @@
   if ((found = kpse_find_file (fn, kpse_ist_format, 1)) == NULL) {
      FATAL("Index style file %s not found.\n", fn);
   } else {
+    if (strlen(found) >= sizeof(sty_fn)) {
+      FATAL("Style file %s too long.\n", found);
+    }
     strcpy(sty_fn,found);
     if ((sty_fp = OPEN_IN(sty_fn)) == NULL) {
       FATAL("Could not open style file %s.\n", sty_fn);
@@ -512,6 +517,9 @@
   }
 #else
     if ((path = getenv(STYLE_PATH)) == NULL) {
+        if (strlen(fn) >= sizeof(sty_fn)) {
+          FATAL("Style file %s too long.\n", fn);
+        }
 	/* style input path not defined */
 	strcpy(sty_fn, fn);
 	sty_fp = OPEN_IN(sty_fn);