[Pkg-dspam-commits] [dspam] 01/04: Add patch to fix segfault with malformed css file

Thomas Preud'homme robotux at alioth.debian.org
Tue Sep 10 13:29:28 UTC 2013


This is an automated email from the git hooks/post-receive script.

robotux pushed a commit to branch master
in repository dspam.

commit 84d418622b89f181d81b2afda7eccb9e5e493701
Author: Thomas Preud'homme <robotux at celest.fr>
Date:   Tue Sep 10 14:35:40 2013 +0200

    Add patch to fix segfault with malformed css file
---
 debian/changelog                                   |    2 ++
 ...2_cssclean_dont_read_past_end_of_css_files.diff |   30 ++++++++++++++++++++
 debian/patches/series                              |    1 +
 3 files changed, 33 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index d59821c..a1112f8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,8 @@ dspam (3.10.2+dfsg-9) UNRELEASED; urgency=low
 
   * Add patch 011_define_WCONTINUED_and_WIFCONTINUED_if_not_defined.diff to
     fix Hurd FTBFS.
+  * Add patch 012_cssclean_dont_read_past_end_of_css_files.diff to prevent
+    segfault of cssclean in case of malformed css file (Closes: #722057).
 
  -- Thomas Preud'homme <robotux at debian.org>  Sat, 07 Sep 2013 23:28:37 +0200
 
diff --git a/debian/patches/012_cssclean_dont_read_past_end_of_css_files.diff b/debian/patches/012_cssclean_dont_read_past_end_of_css_files.diff
new file mode 100644
index 0000000..80b617b
--- /dev/null
+++ b/debian/patches/012_cssclean_dont_read_past_end_of_css_files.diff
@@ -0,0 +1,30 @@
+From: Thomas Preud'homme <robotux at celest.fr>
+Subject: cssclean: don't read past the end of css files
+
+Currently, cssclean assumes css files are well formed. For each header
+encountered, it thus iterates over all the records the header claims to
+be present. However, if the header is corrupted, cssclean will read past
+the end of the css file being cleaned. This patch adds a safeguard
+against such a situation.
+
+Origin: vendor
+Bug: https://sourceforge.net/p/dspam/bug-tracker/170/
+Bug-Debian: http://bugs.debian.org/722057
+Last-Update: 2013-09-10
+---
+ src/tools.hash_drv/cssclean.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/tools.hash_drv/cssclean.c b/src/tools.hash_drv/cssclean.c
+index b3f6264..6889cda 100644
+--- a/src/tools.hash_drv/cssclean.c
++++ b/src/tools.hash_drv/cssclean.c
+@@ -189,7 +189,7 @@ int cssclean(const char *filename, int heavy) {
+   filepos = sizeof(struct _hash_drv_header);
+   header = old.addr;
+   while(filepos < old.file_len) {
+-    for(i=0;i<header->hash_rec_max;i++) {
++    for(i=0;i<header->hash_rec_max && filepos+sizeof(*rec)-1<=old.file_len;i++) {
+       rec = (void *)((unsigned long) old.addr + filepos);
+ 
+       nonspam = rec->nonspam & 0x0fffffff;
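Review bot: The new loop bound in the cssclean.c hunk, `filepos+sizeof(*rec)-1<=old.file_len`, is off by one and still admits a record whose last byte lies one past the end of the file. A record at `filepos` covers offsets `filepos` through `filepos+sizeof(*rec)-1`, and the last valid offset is `old.file_len-1`, since the enclosing `while(filepos < old.file_len)` treats `file_len` as a length. Suggest `filepos+sizeof(*rec) <= old.file_len` instead. Separately, `header->hash_rec_max` is still taken from the file as-is, and when the guard cuts the loop short nothing in these lines reports it; a warning on that path would tell the operator the css file is corrupt rather than silently cleaning a truncated set of records.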
diff --git a/debian/patches/series b/debian/patches/series
index 0d32e11..9da546e 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -8,3 +8,4 @@
 009_fix_recipient_corruption_when_releasing_message_from_quarantine.diff
 010_set_legacy_escape_strings.diff
 011_define_WCONTINUED_and_WIFCONTINUED_if_not_defined.diff
+012_cssclean_dont_read_past_end_of_css_files.diff

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-dspam/dspam.git


