[Pkg-dspam-commits] [dspam] 01/04: Add patch to fix segfault with malformed css file
Thomas Preud'homme
robotux at alioth.debian.org
Tue Sep 10 13:29:28 UTC 2013
This is an automated email from the git hooks/post-receive script.
robotux pushed a commit to branch master
in repository dspam.
commit 84d418622b89f181d81b2afda7eccb9e5e493701
Author: Thomas Preud'homme <robotux at celest.fr>
Date: Tue Sep 10 14:35:40 2013 +0200
Add patch to fix segfault with malformed css file
---
debian/changelog | 2 ++
...2_cssclean_dont_read_past_end_of_css_files.diff | 30 ++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 33 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index d59821c..a1112f8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,8 @@ dspam (3.10.2+dfsg-9) UNRELEASED; urgency=low
* Add patch 011_define_WCONTINUED_and_WIFCONTINUED_if_not_defined.diff to
fix Hurd FTBFS.
+ * Add patch 012_cssclean_dont_read_past_end_of_css_files.diff to prevent
+ segfault of cssclean in case of malformed css file (Closes: #722057).
-- Thomas Preud'homme <robotux at debian.org> Sat, 07 Sep 2013 23:28:37 +0200
diff --git a/debian/patches/012_cssclean_dont_read_past_end_of_css_files.diff b/debian/patches/012_cssclean_dont_read_past_end_of_css_files.diff
new file mode 100644
index 0000000..80b617b
--- /dev/null
+++ b/debian/patches/012_cssclean_dont_read_past_end_of_css_files.diff
@@ -0,0 +1,30 @@
+From: Thomas Preud'homme <robotux at celest.fr>
+Subject: cssclean: don't read past the end of css files
+
+Currently, cssclean assumes css files are well formed. For each header
+encountered, it thus iterates over all the records the header claims to
+be present. However, if the header is corrupted, cssclean will read past
+the end of the css file being cleaned. This patch adds a safeguard
+against such a situation.
+
+Origin: vendor
+Bug: https://sourceforge.net/p/dspam/bug-tracker/170/
+Bug-Debian: http://bugs.debian.org/722057
+Last-Update: 2013-09-10
+---
+ src/tools.hash_drv/cssclean.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/tools.hash_drv/cssclean.c b/src/tools.hash_drv/cssclean.c
+index b3f6264..6889cda 100644
+--- a/src/tools.hash_drv/cssclean.c
++++ b/src/tools.hash_drv/cssclean.c
+@@ -189,7 +189,7 @@ int cssclean(const char *filename, int heavy) {
+ filepos = sizeof(struct _hash_drv_header);
+ header = old.addr;
+ while(filepos < old.file_len) {
+- for(i=0;i<header->hash_rec_max;i++) {
++ for(i=0;i<header->hash_rec_max && filepos+sizeof(*rec)-1<=old.file_len;i++) {
+ rec = (void *)((unsigned long) old.addr + filepos);
+
+ nonspam = rec->nonspam & 0x0fffffff;
diff --git a/debian/patches/series b/debian/patches/series
index 0d32e11..9da546e 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -8,3 +8,4 @@
009_fix_recipient_corruption_when_releasing_message_from_quarantine.diff
010_set_legacy_escape_strings.diff
011_define_WCONTINUED_and_WIFCONTINUED_if_not_defined.diff
+012_cssclean_dont_read_past_end_of_css_files.diff
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-dspam/dspam.git
More information about the Pkg-dspam-commits
mailing list