[Pkg-dspam-commits] [dspam] 01/04: [patch] enhance cssclean to fix corrupted css file

Thomas Preud'homme robotux at moszumanska.debian.org
Tue Nov 26 16:18:24 UTC 2013


This is an automated email from the git hooks/post-receive script.

robotux pushed a commit to branch master
in repository dspam.

commit 0db743e9284dbcbf8850417eea23e8c7baf662ef
Author: Thomas Preud'homme <robotux at celest.fr>
Date:   Tue Nov 26 18:27:30 2013 +0800

    [patch] enhance cssclean to fix corrupted css file
---
 debian/changelog                                   |  2 +
 .../012_dont_read_past_end_of_css_files.diff       | 51 ++++++++++++++++++++++
 debian/patches/series                              |  1 +
 3 files changed, 54 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index e8ba441..62dc972 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,8 @@ dspam (3.10.2+dfsg-12) UNRELEASED; urgency=low
 
   * Close stdin, stdout and stderr when launching dspam daemon in dspam init
     script as dspam fails to do so (Closes: #726713).
+  * debian/patches:
+    + Enhance cssclean to fix corrupted css file (Closes: #722485).
 
  -- Thomas Preud'homme <robotux at debian.org>  Fri, 18 Oct 2013 22:37:20 +0800
 
diff --git a/debian/patches/012_dont_read_past_end_of_css_files.diff b/debian/patches/012_dont_read_past_end_of_css_files.diff
new file mode 100644
index 0000000..ca98cfd
--- /dev/null
+++ b/debian/patches/012_dont_read_past_end_of_css_files.diff
@@ -0,0 +1,51 @@
+From: Thomas Preud'homme <robotux at celest.fr>
+Subject: don't read past the end of css files
+
+Currently, dspam's code assumes css files are well formed. It will thus
+check wether a record exist or not by comparing its position against
+the maximum number of records stored in the header. In the case of a
+corrupted header, that check could return true and the code access data
+beyond the end of the file, leading to a segmentation fault. This patch
+enhance cssclean to fix this kind of corruption.
+
+Origin: vendor
+Bug: https://sourceforge.net/p/dspam/bug-tracker/170/
+Bug-Debian: http://bugs.debian.org/722485
+Last-Update: 2013-11-26
+---
+ src/tools.hash_drv/cssclean.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/src/tools.hash_drv/cssclean.c b/src/tools.hash_drv/cssclean.c
+index b3f6264..2f1209b 100644
+--- a/src/tools.hash_drv/cssclean.c
++++ b/src/tools.hash_drv/cssclean.c
+@@ -189,7 +189,7 @@ int cssclean(const char *filename, int heavy) {
+   filepos = sizeof(struct _hash_drv_header);
+   header = old.addr;
+   while(filepos < old.file_len) {
+-    for(i=0;i<header->hash_rec_max;i++) {
++    for(i=0;i<header->hash_rec_max&&filepos+sizeof(*rec)-1<=old.file_len;i++) {
+       rec = (void *)((unsigned long) old.addr + filepos);
+ 
+       nonspam = rec->nonspam & 0x0fffffff;
+@@ -232,12 +232,18 @@ int cssclean(const char *filename, int heavy) {
+       }
+       filepos += sizeof(struct _hash_drv_spam_record);
+     }
++    if (i<header->hash_rec_max) {
++      LOG(LOG_INFO, "css file was corrupted, fixing it now");
++      if (header == old.addr)
++        old.header->hash_rec_max = i;
++      else
++        header->hash_rec_max = i;
++    }
+     offset = (void *)((unsigned long) old.addr + filepos);
+     header = offset;
+     filepos += sizeof(struct _hash_drv_header);
+   }
+ 
+-  bcopy (old.header, new.header, sizeof(struct _hash_drv_header));
+   _hash_drv_close(&new);
+   _hash_drv_close(&old);
+   if (rename(newfile, filename) < 0)
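Review bot: The bound added to the for loop in cssclean() is off by one: "filepos+sizeof(*rec)-1<=old.file_len" still admits a record whose last byte lies at offset old.file_len, which is one byte past the end of the file, since valid offsets stop at old.file_len-1. The condition should be "filepos+sizeof(*rec)<=old.file_len". In the second inner hunk, the corrected hash_rec_max is stored only through pointers into the old mapping (header is always old.addr or old.addr plus an offset), while the bcopy from old.header to new.header is removed and newfile is what gets renamed over filename. The patch description does not explain the bcopy removal or how the repaired count reaches the new file, so please document that. Both branches of the "if (header == old.addr)" test also store the same value i, so if old.header and old.addr refer to the same header, a single "header->hash_rec_max = i;" would be enough.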
diff --git a/debian/patches/series b/debian/patches/series
index 0d32e11..dfd7200 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -8,3 +8,4 @@
 009_fix_recipient_corruption_when_releasing_message_from_quarantine.diff
 010_set_legacy_escape_strings.diff
 011_define_WCONTINUED_and_WIFCONTINUED_if_not_defined.diff
+012_dont_read_past_end_of_css_files.diff

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-dspam/dspam.git


