[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#157304: marked as done (dpkg: [PATCH] nfstrnsave reads 1 byte past end of allocated memory blocks)

Your message dated Sat, 31 Aug 2002 06:30:24 -0400
with message-id <E17l5WK-0005J9-00@auric.debian.org>
and subject line Bug#157304: fixed in dpkg 1.10.5
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

Received: (at submit) by bugs.debian.org; 19 Aug 2002 19:18:27 +0000
>From ldb@ldb.ods.org Mon Aug 19 14:18:27 2002
Return-path: <ldb@ldb.ods.org>
Received: from ppp-217-133-222-136.dialup.tiscali.it (home.ldb.ods.org) [] (foobar)
	by master.debian.org with esmtp (Exim 3.12 1 (Debian))
	id 17gs2h-0001To-00; Mon, 19 Aug 2002 14:18:23 -0500
Received: from ldb by home.ldb.ods.org with local (Exim 3.35 #1 (Debian))
	id 17gs2b-0005zI-00; Mon, 19 Aug 2002 21:18:17 +0200
Subject: dpkg: [PATCH] nfstrnsave reads 1 byte past end of allocated memory blocks
From: "Luca Barbieri" <ldb@ldb.ods.org>
To: "Debian Bug Tracking System" <submit@bugs.debian.org>
X-Mailer: reportbug 1.99.50
Date: Mon, 19 Aug 2002 21:18:16 +0200
Message-Id: <E17gs2b-0005zI-00@home.ldb.ods.org>
Delivered-To: submit@bugs.debian.org

Package: dpkg
Version: 1.10.4
Severity: normal
Tags: patch

Hash: SHA1

obstack_copy0 automatically adds the null character and fixes the problem.

- --- dpkg-1.10.4/lib/nfmalloc.c~	2002-05-06 18:18:15.000000000 +0200
+++ dpkg-1.10.4/lib/nfmalloc.c	2002-08-19 21:07:10.000000000 +0200
@@ -59,8 +59,7 @@
 char *nfstrnsave(const char *string, int l) {
   char *ret;
- -  ret = obstack_copy (&db_obs, string, l + 1);
- -  *(ret + l) = 0;
+  ret = obstack_copy0 (&db_obs, string, l);
   return ret;

- -- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux ldb 2.4.18 #13 Thu May 30 17:49:58 CEST 2002 i686
Locale: LANG=C, LC_CTYPE=it_IT@euro

Versions of packages dpkg depends on:
ii  dselect                       1.10.4     a user tool to manage Debian packa
ii  libc6                         2.2.5-14   GNU C Library: Shared libraries an

- -- no debconf information

Version: GnuPG v1.0.7 (GNU/Linux)


Received: (at 157304-close) by bugs.debian.org; 31 Aug 2002 10:38:41 +0000
>From rmurray@auric.debian.org Sat Aug 31 05:38:41 2002
Return-path: <rmurray@auric.debian.org>
Received: from auric.debian.org [] (mail)
	by master.debian.org with esmtp (Exim 3.12 1 (Debian))
	id 17l5eL-0003A7-00; Sat, 31 Aug 2002 05:38:41 -0500
Received: from rmurray by auric.debian.org with local (Exim 3.35 1 (Debian))
	id 17l5WK-0005J9-00; Sat, 31 Aug 2002 06:30:24 -0400
From: Adam Heath <doogie@debian.org>
To: 157304-close@bugs.debian.org
X-Katie: $Revision: 1.17 $
Subject: Bug#157304: fixed in dpkg 1.10.5
Message-Id: <E17l5WK-0005J9-00@auric.debian.org>
Sender: Ryan Murray <rmurray@auric.debian.org>
Date: Sat, 31 Aug 2002 06:30:24 -0400
Delivered-To: 157304-close@bugs.debian.org

We believe that the bug you reported is fixed in the latest version of
dpkg, which is due to be installed in the Debian FTP archive:

  to pool/main/d/dpkg/dpkg-dev_1.10.5_all.deb
  to pool/main/d/dpkg/dpkg-doc_1.10.5_all.deb
  to pool/main/d/dpkg/dpkg_1.10.5.dsc
  to pool/main/d/dpkg/dpkg_1.10.5.tar.gz
  to pool/main/d/dpkg/dpkg_1.10.5_i386.deb
  to pool/main/d/dpkg/dselect_1.10.5_i386.deb

A summary of the changes between this version and the previous one is

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 157304@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
Adam Heath <doogie@debian.org> (supplier of updated dpkg package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)

Hash: SHA1

Format: 1.7
Date: Thu, 29 Aug 2002 16:43:15 -0500
Source: dpkg
Binary: dpkg-static dselect dpkg-dev dpkg-doc dpkg
Architecture: source all i386
Version: 1.10.5
Distribution: unstable
Urgency: low
Maintainer: Dpkg Development <debian-dpkg@lists.debian.org>
Changed-By: Adam Heath <doogie@debian.org>
 dpkg       - Package maintenance system for Debian
 dpkg-dev   - Package building tools for Debian
 dpkg-doc   - Dpkg Internals Documentation
 dselect    - a user tool to manage Debian packages
Closes: 147492 153769 154257 154503 154898 155362 156437 156545 157304 157453 157762
 dpkg (1.10.5) unstable; urgency=low
   * Fix segfault in md5sum if the file being checked doesn't exist.
     Closes: #154503.
   * Fix extraction of md5sum in dpkg-scanpackages.  Closes: #153769.
   * Handle directories better in md5sum.  Closes: #157453.
   * Fix read past buffer in lib/nfmalloc.c.  Closes: #157304.
   * Fix several read pass buffer bugs, and a memleak.  Closes: #155362.
   * Fix segfault when --auto-deconfigure is given.  Closes: #157762.
   * Allow spaces between the end of a version, and the trailing ')'.
     Closes: #154898.
   * Fixes for HURD:  Closes: #156545
     * Add i386-gnu0.3 to archtable.
     * Fix handling of static compiles, with regard to zlib.
   * Previous install-infos(before 1.10) handled multiple dir file entries,
     because they would copy the entire stanza unmodified.  The newest
     version does not do this, as it reformats the options, and thereby
     only takes the first line.  So, we now split all the lines from the
     stanza, and process them all.  Closes: #147492.
   * Fix corruption of available file, caused by use of memory that was
     previously freed.  Closes: #154257.
   * Fix several minor memleaks.
   * Remove /usr/sbin/start-stop-daemon.  Closes: #156437.
 8ca73db018cab82b48c6417138d456cb 716 base required dpkg_1.10.5.dsc
 4eebb8207cbb172e96dd8e4c258663dc 1568097 base required dpkg_1.10.5.tar.gz
 8878555aaf21faeecb6efaace48caac4 1136194 base required dpkg_1.10.5_i386.deb
 97a0772ce9ea2aff0678fe747e6d1303 89588 base required dselect_1.10.5_i386.deb
 5fe280f17cf726fbe1c0aec5f7c9e6bc 1126796 byhand - dpkg-1.10.5_i386.nondebbin.tar.gz
 83d81f422079ae537854124b91b15747 1628852 byhand - dpkg-1.10.5_i386-static.nondebbin.tar.gz
 ffdfb744fe93761ce05798185bbaccbc 111730 utils standard dpkg-dev_1.10.5_all.deb
 d54cda2f79bbbbdc9d73842825830dcd 10692 doc optional dpkg-doc_1.10.5_all.deb
 4eebb8207cbb172e96dd8e4c258663dc 1568097 byhand - dpkg-1.10.5.tar.gz

Version: GnuPG v1.0.7 (GNU/Linux)


Reply to: