[sextractor] 06/08: Fix format security errors

Ole Streicher olebole-guest at moszumanska.debian.org
Fri Mar 21 09:54:31 UTC 2014


This is an automated email from the git hooks/post-receive script.

olebole-guest pushed a commit to branch debian
in repository sextractor.

commit 74ff5e92cf2639edc86e23874a143f3bac704a45
Author: Ole Streicher <debian at liska.ath.cx>
Date:   Fri Mar 21 10:37:47 2014 +0100

    Fix format security errors
---
 debian/patches/fix_format_errors.patch | 65 ++++++++++++++++++++++++++++++++++
 debian/patches/series                  |  1 +
 2 files changed, 66 insertions(+)

diff --git a/debian/patches/fix_format_errors.patch b/debian/patches/fix_format_errors.patch
new file mode 100644
index 0000000..c20ce31
--- /dev/null
+++ b/debian/patches/fix_format_errors.patch
@@ -0,0 +1,65 @@
+Author: Ole Streicher <debian at liska.ath.cx>
+Description: Fix format security errors
+--- a/src/catout.c
++++ b/src/catout.c
+@@ -999,7 +999,7 @@
+       break;
+ 
+     case ASCII_SKYCAT:
+-      fprintf(ascfile, skycattail);
++	fprintf(ascfile, "%s", skycattail);
+       if (!prefs.pipe_flag)
+         fclose(ascfile);
+       break;
+--- a/src/xml.c
++++ b/src/xml.c
+@@ -696,7 +696,7 @@
+ 		name, ucd);
+       break;
+     case P_STRING:
+-      sprintf(value, (char *)key[i].ptr);
++	sprintf(value, "%s", (char *)key[i].ptr);
+       fprintf(file, "   <PARAM name=\"%s\" datatype=\"char\" arraysize=\"*\""
+ 	" ucd=\"%s\" value=\"%s\"/>\n",
+ 	name, ucd, *value? value: " ");
+@@ -705,13 +705,13 @@
+       n = *(key[i].nlistptr);
+       if (n)
+         {
+-        sprintf(value, ((char **)key[i].ptr)[0]);
++        sprintf(value, "%s", ((char **)key[i].ptr)[0]);
+         fprintf(file, "   <PARAM name=\"%s\" datatype=\"char\""
+ 		" arraysize=\"*\" ucd=\"%s\" value=\"%s",
+ 		name, ucd, *value? value: " ");
+         for (j=1; j<n; j++)
+           {
+-          sprintf(value, ((char **)key[i].ptr)[j]);
++          sprintf(value, "%s", ((char **)key[i].ptr)[j]);
+           fprintf(file, ",%s", *value? value: " ");
+           }
+         fprintf(file, "\"/>\n");
+@@ -722,7 +722,7 @@
+ 		name, ucd);
+       break;
+     case P_KEY:
+-      sprintf(value, key[i].keylist[*((int *)key[i].ptr)]);
++      sprintf(value, "%s", key[i].keylist[*((int *)key[i].ptr)]);
+       fprintf(file, "   <PARAM name=\"%s\" datatype=\"char\" arraysize=\"*\""
+ 	" ucd=\"%s\" value=\"%s\"/>\n",
+ 	name, ucd, value);
+@@ -731,13 +731,13 @@
+       n = *(key[i].nlistptr);
+       if (n)
+         {
+-        sprintf(value, key[i].keylist[((int *)key[i].ptr)[0]]);
++        sprintf(value, "%s", key[i].keylist[((int *)key[i].ptr)[0]]);
+         fprintf(file, "   <PARAM name=\"%s\" datatype=\"char\""
+ 		" arraysize=\"*\" ucd=\"%s\" value=\"%s",
+ 		name, ucd, value);
+         for (j=1; j<n; j++)
+           {
+-          sprintf(value, key[i].keylist[((int *)key[i].ptr)[j]]);
++          sprintf(value, "%s", key[i].keylist[((int *)key[i].ptr)[j]]);
+           fprintf(file, ",%s", value);
+           }
+         fprintf(file, "\"/>\n");
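Review bot: The six `sprintf(value, "%s", …)` calls in the src/xml.c part of this patch are still unbounded copies into `value`; adding `"%s"` stops the source string from being parsed as a format, but a string longer than the buffer would still write past its end. The declaration of `value` lies outside the visible hunks, so its size cannot be confirmed here; if it is a fixed-size array, `snprintf(value, sizeof value, "%s", (char *)key[i].ptr);` (and the same for the other five calls) would bound the copy. Separately, `value` is written straight into a `value=\"%s\"` XML attribute with no escaping, so a string containing `"`, `<` or `&` would presumably yield malformed output. As a style point, the changed lines `fprintf(ascfile, "%s", skycattail);` and the P_STRING `sprintf` are indented with a tab where the surrounding context uses spaces.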
diff --git a/debian/patches/series b/debian/patches/series
index c28e3b1..fc664d1 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -3,3 +3,4 @@ have_malloc.patch
 have_mmap.patch
 rename_executable.patch
 fix-manpage.patch
+fix_format_errors.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debian-science/packages/sextractor.git


