[eso-midas] 01/01: Make sure klaus is zero-terminated in esoext.c

Ole Streicher olebole at moszumanska.debian.org
Fri Apr 3 14:48:23 UTC 2015


This is an automated email from the git hooks/post-receive script.

olebole pushed a commit to branch debian
in repository eso-midas.

commit 6d85f86b76769e9d65ab7f413d6e76817ced964e
Author: Ole Streicher <debian at liska.ath.cx>
Date:   Fri Apr 3 16:48:16 2015 +0200

    Make sure klaus is zero-terminated in esoext.c
---
 debian/patches/fix_esoext_i8flag.patch | 38 ++++++++++++++++++++++++++++++++++
 debian/patches/series                  |  1 +
 2 files changed, 39 insertions(+)

diff --git a/debian/patches/fix_esoext_i8flag.patch b/debian/patches/fix_esoext_i8flag.patch
new file mode 100644
index 0000000..d5f6063
--- /dev/null
+++ b/debian/patches/fix_esoext_i8flag.patch
@@ -0,0 +1,38 @@
+Author: Ole Streicher <olebole at debian.org>
+Description: Make sure klaus is zero-terminated
+ Also, it seems that for the normal case, the copy process was just one byte 
+ too small.
+ .
+ This shall fix the following crash (on 32-bit architectures; tested on i386).
+ The crash seems to appear before a warning like the following is printed:
+ .
+   esoext-warning: MADRID with missing pointer (1)
+   >  MADRID(1)=123456
+ .
+  ERROR: AddressSanitizer: stack-buffer-overflow on address 0xffa14138 at pc 0x8050b68 bp 0xffa140b8 sp 0xffa140a
+  READ of size 1 at 0xffa14138 thread T0
+    #0 0x8050b67 in CGN_INDEXC system/ext/putline.c:125
+    #1 0x8050b67 in put_line system/ext/putline.c:326
+    #2 0x80495b8 in main system/ext/esoext.c:268
+    #3 0xf70c1722 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x19722)
+    #4 0x804a34f (system/exec/esoext.exe+0x804a34f)
+ .
+  Address 0xffa14138 is located in stack of thread T0 at offset 56 in frame
+    #0 0x804fc5f in put_line system/ext/putline.c:239
+ .
+  This frame has 2 object(s):
+    [32, 56) 'klaus' <== Memory access at offset 56 overflows this variable
+    [96, 1417) 'ulli'
+
+--- a/system/ext/putline.c
++++ b/system/ext/putline.c
+@@ -315,7 +315,8 @@
+      while ((n = CGN_INDEXS(ipntr,"MADRID")) > -1)
+         {
+         if (strncmp(ipntr,"COMMON",6) == 0) break;
+-        (void) CGN_UPCOPY(klaus,ipntr+n+7,20);
++        (void) CGN_UPCOPY(klaus,ipntr+n+7,21);
++	klaus[21] = '\0'; /* make sure that klaus is zero-terminated */
+         i = CGN_INDEXC(klaus,')');
+         if (i < 1)
+            {
diff --git a/debian/patches/series b/debian/patches/series
index bdcd24b..1a861fc 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -37,3 +37,4 @@ fix_scfclo.patch
 fix_mid_rdldb.patch
 fix_statis_for.patch
 fix_selechar_c.patch
+fix_esoext_i8flag.patch
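Review bot: the series entry is appended in the same style as the preceding patches, but the name `fix_esoext_i8flag.patch` does not describe what the patch does: it changes `system/ext/putline.c` (the `klaus` termination and copy length), not esoext.c, and nothing in it concerns an I8 flag. A name such as one mentioning putline or the MADRID parsing would make the series easier to audit later.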

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debian-astro/packages/eso-midas.git