Please accept dwm-tools

To: debian-release@lists.debian.org
Subject: Please accept dwm-tools
From: Daniel Baumann <daniel.baumann@panthera-systems.net>
Date: Sat, 13 Jan 2007 15:59:09 +0100
Message-id: <[🔎] 45A8F3BD.6000209@panthera-systems.net>
Reply-to: debian-release@lists.debian.org

Hi,

slock in dwm-tools does have a potential buffer overflow. Upload for sid
is already done, the one for testing is ready too. Please allow me to
upload it, debdiff is attached.

-- 
Address:        Daniel Baumann, Burgunderstrasse 3, CH-4562 Biberist
Email:          daniel.baumann@panthera-systems.net
Internet:       http://people.panthera-systems.net/~daniel-baumann/

diff -u dwm-tools-2/debian/changelog dwm-tools-2/debian/changelog
--- dwm-tools-2/debian/changelog
+++ dwm-tools-2/debian/changelog
@@ -1,3 +1,9 @@
+dwm-tools (2-3) testing; urgency=high
+
+  * Applied 98-slock-bo.patch from slock 0.4 to fix potential buffer overflow.
+
+ -- Daniel Baumann <daniel@debian.org>  Sat, 13 Jan 2007 15:46:00 +0100
+
 dwm-tools (2-2) testing; urgency=medium
 
   * Applied 99-utf.patch from dmenu 1.6 to fix utf support (Closes: #402816).
diff -u dwm-tools-2/debian/patches/00list dwm-tools-2/debian/patches/00list
--- dwm-tools-2/debian/patches/00list
+++ dwm-tools-2/debian/patches/00list
@@ -1 +1,2 @@
+98-slock-bo
 99-dmenu-utf
only in patch2:
unchanged:
--- dwm-tools-2.orig/debian/patches/98-slock-bo.dpatch
+++ dwm-tools-2/debian/patches/98-slock-bo.dpatch
@@ -0,0 +1,28 @@
+#!/bin/sh /usr/share/dpatch/dpatch-run
+## 98-slock-bo.dpatch by Anselm R. Garbe <garbeam@gmail.com>
+##
+## DP: Fixes potential buffer overflow (taken from slock 0.4).
+
+@DPATCH@
+
+diff -Naur dwm-tools-2.orig/slock-0.3/slock.c dwm-tools-2/slock-0.3/slock.c
+--- dwm-tools-2.orig/slock-0.3/slock.c	2006-11-03 10:35:35.000000000 +0000
++++ dwm-tools-2/slock-0.3/slock.c	2007-01-13 13:10:33.000000000 +0000
+@@ -102,7 +102,7 @@
+ 	while(running && !XNextEvent(dpy, &ev))
+ 		if(ev.type == KeyPress) {
+ 			buf[0] = 0;
+-			num = XLookupString(&ev.xkey, buf, sizeof(buf), &ksym, 0);
++			num = XLookupString(&ev.xkey, buf, sizeof buf, &ksym, 0);
+ 			if(IsFunctionKey(ksym) || IsKeypadKey(ksym)
+ 					|| IsMiscFunctionKey(ksym) || IsPFKey(ksym)
+ 					|| IsPrivateKeypadKey(ksym))
+@@ -122,7 +122,7 @@
+ 					--len;
+ 				break;
+ 			default:
+-				if(num && !iscntrl((int) buf[0])) {
++				if(num && !iscntrl((int) buf[0]) && (len + num < sizeof passwd)) { 
+ 					memcpy(passwd + len, buf, num);
+ 					len += num;
+ 				}

Reply to:

Follow-Ups:
- Re: Please accept dwm-tools
  - From: Luk Claes <luk@debian.org>

Prev by Date: Re: Security unblock for phpmyadmin
Next by Date: Re: Please unblock gnunet
Previous by thread: Re: Please unblock gnunet
Next by thread: Re: Please accept dwm-tools
Index(es):
- Date
- Thread