iFix buffer overflow in dump_ps_page_header - enscript - GNU Enscript Err thinkerwim.openbsd.amsterdam 70 hgit clone git://thinkerwim.org/enscript.git URL:git://thinkerwim.org/enscript.git thinkerwim.org 70 1Log /git/enscript/log.gph thinkerwim.org 70 1Files /git/enscript/files.gph thinkerwim.org 70 1Refs /git/enscript/refs.gph thinkerwim.org 70 1README /git/enscript/file/README.gph thinkerwim.org 70 1LICENSE /git/enscript/file/COPYING.gph thinkerwim.org 70 i--- Err thinkerwim.openbsd.amsterdam 70 1commit 0acc7b63a1be9f5d02f1a21d6df52cb5a9ce7e58 /git/enscript/commit/0acc7b63a1be9f5d02f1a21d6df52cb5a9ce7e58.gph thinkerwim.org 70 1parent a3e6bf57e48bb7434cdd590732e221fd2e0b4c17 /git/enscript/commit/a3e6bf57e48bb7434cdd590732e221fd2e0b4c17.gph thinkerwim.org 70 hAuthor: Tim Retout URL:mailto:diocles@gnu.org thinkerwim.org 70 iDate: Sat, 28 Mar 2009 13:04:32 +0000 Err thinkerwim.openbsd.amsterdam 70 i Err thinkerwim.openbsd.amsterdam 70 iFix buffer overflow in dump_ps_page_header Err thinkerwim.openbsd.amsterdam 70 i Err thinkerwim.openbsd.amsterdam 70 iDiffstat: Err thinkerwim.openbsd.amsterdam 70 i M src/ChangeLog | 3 +++ Err thinkerwim.openbsd.amsterdam 70 i M src/psgen.c | 32 ++++++++++--------------------- Err thinkerwim.openbsd.amsterdam 70 i Err thinkerwim.openbsd.amsterdam 70 i2 files changed, 13 insertions(+), 22 deletions(-) Err thinkerwim.openbsd.amsterdam 70 i--- Err thinkerwim.openbsd.amsterdam 70 1diff --git a/src/ChangeLog b/src/ChangeLog /git/enscript/file/src/ChangeLog.gph thinkerwim.org 70 i@@ -5,6 +5,9 @@ Err thinkerwim.openbsd.amsterdam 70 i disabled in most distros for five years anyway. See Err thinkerwim.openbsd.amsterdam 70 i CAN-2004-1185. Err thinkerwim.openbsd.amsterdam 70 i Err thinkerwim.openbsd.amsterdam 70 i+ * psgen.c (dump_ps_page_header): Use basename() and dirname() to Err thinkerwim.openbsd.amsterdam 70 i+ split path. Fixes a buffer overflow - see CAN-2004-1186. Err thinkerwim.openbsd.amsterdam 70 i+ Err thinkerwim.openbsd.amsterdam 70 i 2009-01-25 Tim Retout Err thinkerwim.openbsd.amsterdam 70 i Err thinkerwim.openbsd.amsterdam 70 i * main.c (main): Respect $HOME when searching for ~/.enscriptrc Err thinkerwim.openbsd.amsterdam 70 1diff --git a/src/psgen.c b/src/psgen.c /git/enscript/file/src/psgen.c.gph thinkerwim.org 70 i@@ -23,6 +23,7 @@ Err thinkerwim.openbsd.amsterdam 70 i */ Err thinkerwim.openbsd.amsterdam 70 i Err thinkerwim.openbsd.amsterdam 70 i #include "gsint.h" Err thinkerwim.openbsd.amsterdam 70 i+#include Err thinkerwim.openbsd.amsterdam 70 i Err thinkerwim.openbsd.amsterdam 70 i /* Err thinkerwim.openbsd.amsterdam 70 i * Types and definitions. Err thinkerwim.openbsd.amsterdam 70 i@@ -2006,8 +2007,7 @@ get_next_token (InputStream *is, double linestart, double linepos, Err thinkerwim.openbsd.amsterdam 70 i static void Err thinkerwim.openbsd.amsterdam 70 i dump_ps_page_header (char *fname, int empty) Err thinkerwim.openbsd.amsterdam 70 i { Err thinkerwim.openbsd.amsterdam 70 i- char buf[512]; Err thinkerwim.openbsd.amsterdam 70 i- char *ftail; Err thinkerwim.openbsd.amsterdam 70 i+ char *dirc, *basec, *fdir, *ftail; Err thinkerwim.openbsd.amsterdam 70 i int got, i; Err thinkerwim.openbsd.amsterdam 70 i char *cp, *cp2; Err thinkerwim.openbsd.amsterdam 70 i char *cstr = "%%"; Err thinkerwim.openbsd.amsterdam 70 i@@ -2016,25 +2016,11 @@ dump_ps_page_header (char *fname, int empty) Err thinkerwim.openbsd.amsterdam 70 i /* The N-up printing sub-page. */ Err thinkerwim.openbsd.amsterdam 70 i nup_subpage = (total_pages - 1) % nup; Err thinkerwim.openbsd.amsterdam 70 i Err thinkerwim.openbsd.amsterdam 70 i- /* Create fdir and ftail. */ Err thinkerwim.openbsd.amsterdam 70 i- ftail = strrchr (fname, '/'); Err thinkerwim.openbsd.amsterdam 70 i- Err thinkerwim.openbsd.amsterdam 70 i-#if defined(WIN32) Err thinkerwim.openbsd.amsterdam 70 i- if (ftail == NULL) Err thinkerwim.openbsd.amsterdam 70 i- ftail = strrchr (fname, '\\'); Err thinkerwim.openbsd.amsterdam 70 i-#endif /* WIN32 */ Err thinkerwim.openbsd.amsterdam 70 i- Err thinkerwim.openbsd.amsterdam 70 i- if (ftail == NULL) Err thinkerwim.openbsd.amsterdam 70 i- { Err thinkerwim.openbsd.amsterdam 70 i- buf[0] = '\0'; Err thinkerwim.openbsd.amsterdam 70 i- ftail = fname; Err thinkerwim.openbsd.amsterdam 70 i- } Err thinkerwim.openbsd.amsterdam 70 i- else Err thinkerwim.openbsd.amsterdam 70 i- { Err thinkerwim.openbsd.amsterdam 70 i- ftail++; Err thinkerwim.openbsd.amsterdam 70 i- strncpy (buf, fname, ftail - fname); Err thinkerwim.openbsd.amsterdam 70 i- buf[ftail - fname] = '\0'; Err thinkerwim.openbsd.amsterdam 70 i- } Err thinkerwim.openbsd.amsterdam 70 i+ /* Split fname into fdir and ftail. */ Err thinkerwim.openbsd.amsterdam 70 i+ dirc = strdup(fname); Err thinkerwim.openbsd.amsterdam 70 i+ basec = strdup(fname); Err thinkerwim.openbsd.amsterdam 70 i+ fdir = dirname(dirc); Err thinkerwim.openbsd.amsterdam 70 i+ ftail = basename(basec); Err thinkerwim.openbsd.amsterdam 70 i Err thinkerwim.openbsd.amsterdam 70 i if (nup > 1) Err thinkerwim.openbsd.amsterdam 70 i { Err thinkerwim.openbsd.amsterdam 70 i@@ -2180,13 +2166,15 @@ dump_ps_page_header (char *fname, int empty) Err thinkerwim.openbsd.amsterdam 70 i OUTPUT ((cofp, "/fname (%s) def\n", cp)); Err thinkerwim.openbsd.amsterdam 70 i xfree (cp); Err thinkerwim.openbsd.amsterdam 70 i Err thinkerwim.openbsd.amsterdam 70 i- cp = escape_string (buf); Err thinkerwim.openbsd.amsterdam 70 i+ cp = escape_string (fdir); Err thinkerwim.openbsd.amsterdam 70 i OUTPUT ((cofp, "/fdir (%s) def\n", cp)); Err thinkerwim.openbsd.amsterdam 70 i xfree (cp); Err thinkerwim.openbsd.amsterdam 70 i+ xfree (dirc); Err thinkerwim.openbsd.amsterdam 70 i Err thinkerwim.openbsd.amsterdam 70 i cp = escape_string (ftail); Err thinkerwim.openbsd.amsterdam 70 i OUTPUT ((cofp, "/ftail (%s) def\n", cp)); Err thinkerwim.openbsd.amsterdam 70 i xfree (cp); Err thinkerwim.openbsd.amsterdam 70 i+ xfree (basec); Err thinkerwim.openbsd.amsterdam 70 i Err thinkerwim.openbsd.amsterdam 70 i /* Do we have a pending ^@font{} font? */ Err thinkerwim.openbsd.amsterdam 70 i if (user_fontp) Err thinkerwim.openbsd.amsterdam 70 .