X Strike Force SVN commit: rev 312 - in trunk/debian: . patches
Author: branden
Date: 2003-07-24 14:36:25 -0500 (Thu, 24 Jul 2003)
New Revision: 312
Modified:
trunk/debian/changelog
trunk/debian/patches/000_stolen_from_HEAD_xlib.diff
Log:
debian/patches/000_stolen_from_HEAD_xlib.diff: fix for buffer overflow in
_XlcLocaleDirName(); privileged binaries ignore the XLOCALEDIR
environment variable and are not vulnerable
Modified: trunk/debian/changelog
==============================================================================
--- trunk/debian/changelog 2003-07-24 18:38:32 UTC (rev 311)
+++ trunk/debian/changelog 2003-07-24 19:36:25 UTC (rev 312)
@@ -1,5 +1,9 @@
-xfree86 (4.2.1-10) unstable; urgency=low
+xfree86 (4.2.1-10) unstable; urgency=medium
+ * patch #000_stolen_from_HEAD_xlib: fix for buffer overflow in
+ _XlcLocaleDirName(); privileged binaries ignore the XLOCALEDIR
+ environment variable and are not vulnerable (Closes: #201750)
+
* debian/scripts/manifest-install-reconcile: new script to help keep
MANIFEST and *.install* files in sync
@@ -25,7 +29,7 @@
- xutils.install.{m68k,s390}: ship luit program, its manpage, and
darwinLib.{rules,tmpl} Imake configuration files
- -- Branden Robinson <branden@debian.org> Wed, 2 Jul 2003 15:00:37 -0500
+ -- Branden Robinson <branden@debian.org> Thu, 24 Jul 2003 14:33:03 -0500
xfree86 (4.2.1-9) unstable; urgency=high
Modified: trunk/debian/patches/000_stolen_from_HEAD_xlib.diff
==============================================================================
--- trunk/debian/patches/000_stolen_from_HEAD_xlib.diff 2003-07-24 18:38:32 UTC (rev 311)
+++ trunk/debian/patches/000_stolen_from_HEAD_xlib.diff 2003-07-24 19:36:25 UTC (rev 312)
@@ -95,6 +95,8 @@
+ fix memory leaks and speed font loading (Oliver Chapuis)
* (omText.c): Fixed obvious typo in OMlib (Egbert Eich).
* (xlibi18n/Xi18nLib.conf): reindent preprocessor statements (Egbert Eich)
+* (XlcDL.c,XlcPubI.h,lcFile.c): SECURITY: Fix for possible buffer overflow
+ in _XlcLocaleDirName().
These patches were in 000_stolen_from_HEAD and have been migrated over:
@@ -2821,8 +2823,57 @@
#if BuildLoadableXlibI18n
MakeSubdirs($(SUBDIRS))
---- xc/lib/X11/XlcDL.c~ 2003-02-20 11:26:56.000000000 -0500
-+++ xc/lib/X11/XlcDL.c 2003-02-20 11:32:16.000000000 -0500
+--- xc/lib/X11/xlibi18n/Xi18nLib.conf~ 2003-02-20 11:27:05.000000000 -0500
++++ xc/lib/X11/xlibi18n/Xi18nLib.conf 2003-02-20 11:30:59.000000000 -0500
+@@ -23,7 +23,7 @@
+
+ #include <Library.tmpl>
+
+-#ifdef HPArchitecture && OSMajorVersion > 9
++#if defined(HPArchitecture) && OSMajorVersion > 9
+ EXTRA_SHLIBLDFLAGS = +s +b $(USRLIBDIR)
+ #else
+ EXTRA_SHLIBLDFLAGS =
+@@ -47,8 +47,6 @@
+ $(RM) $@
+ $(CC) -c $(CFLAGS) $(_NOOP_) $(SHLIBDEF) $(SHAREDCODEDEF) $(PICFLAGS) $*.c
+
+-DependTarget()
+-
+ clean::
+ rm -rf *.so.$(SOXI18NREV)
+
+@@ -56,8 +54,8 @@
+ $(LINT) $(LINTFLAGS) $(SRCS) $(LINTLIBS)
+
+ #ifndef Xi18nLibraryTarget
+-#if 0
+-#define Xi18nLibraryTarget(libname) @@\
++# if 0 /* !CrossCompiling */
++# define Xi18nLibraryTarget(libname) @@\
+ all:: libname.so.$(SOXI18NREV) @@\
+ libname.so.$(SOXI18NREV): $(OBJS) @@\
+ $(RM) $@~ @@\
+@@ -69,13 +67,14 @@
+ else (set -x; $(MKDIRHIER) $(DESTDIR)$(XLOCALEDIR)/$(POSTLOCALE)); fi @@\
+ $(RM) $(DESTDIR)$(XLOCALEDIR)/$(POSTLOCALE)/libname.so.$(SOXI18NREV) @@\
+ $(INSTALL) $(INSTALLFLAGS) $(INSTLIBFLAGS) libname.so.$(SOXI18NREV) $(DESTDIR)$(XLOCALEDIR)/$(POSTLOCALE)
+-#else
+-#define Xi18nLibraryTarget(libname) @@\
++# else
++# define Xi18nLibraryTarget(libname) @@\
++DependTarget() @@\
+ SharedLibraryTarget(libname,$(SOXI18NREV),$(OBJS),.,.) @@\
+ install:: Concat(lib,libname.so.$(SOXI18NREV)) @@\
+ MakeDir($(DESTDIR)$(XLOCALEDIR)/$(POSTLOCALE)) @@\
+ $(RM) $(DESTDIR)$(XLOCALEDIR)/$(POSTLOCALE)/libname.so.$(SOXI18NREV) @@\
+ $(INSTALL) $(INSTALLFLAGS) $(INSTLIBFLAGS) Concat(lib,libname.so.$(SOXI18NREV)) $(DESTDIR)$(XLOCALEDIR)/$(POSTLOCALE)/libname.so.$(SOXI18NREV)
+
+-#endif
++# endif
+ #endif
+--- xc/lib/X11/XlcDL.c~ 2003-07-24 14:23:42.000000000 -0500
++++ xc/lib/X11/XlcDL.c 2003-07-24 14:27:11.000000000 -0500
@@ -56,12 +56,16 @@
#include "XlcPubI.h"
@@ -2963,7 +3014,7 @@
XLCd
#if NeedFunctionPrototypes
_XlcDynamicLoad(const char *lc_name)
-@@ -300,14 +391,9 @@
+@@ -300,18 +391,13 @@
{
XLCd lcd = (XLCd)NULL;
XLCd (*lc_loader)() = (XLCd(*)())NULL;
@@ -2978,6 +3029,11 @@
if (lc_name == NULL) return (XLCd)NULL;
+- if (_XlcLocaleDirName(lc_dir, (char *)lc_name) == (char*)NULL)
++ if (_XlcLocaleDirName(lc_dir, BUFSIZE, (char *)lc_name) == (char*)NULL)
+ return (XLCd)NULL;
+
+ resolve_object(lc_dir, lc_name);
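Review bot: The new size argument at each of the five call sites is the macro `BUFSIZE` rather than the size of the buffer actually passed, so the bound stays correct only while every `lc_dir` remains declared `char lc_dir[BUFSIZE]`. That declaration is visible as context in the later hunks but not in this one, so the declaration in _XlcDynamicLoad should be confirmed. Where lc_dir is a local array, `_XlcLocaleDirName(lc_dir, sizeof(lc_dir), (char *)lc_name)` ties the limit to the buffer itself. The same applies to the calls in the hunks at @@ -3048, @@ -3111, @@ -3174 and @@ -3241.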
@@ -321,47 +407,17 @@
for (; count-- > 0; objects_list++) {
if (objects_list->type != XLC_OBJECT ||
@@ -3031,7 +3087,7 @@
}
return (XLCd)lcd;
}
-@@ -379,16 +435,11 @@
+@@ -379,67 +435,32 @@
#endif
{
XIM im = (XIM)NULL;
@@ -3048,7 +3104,10 @@
lc_name = lcd->core->name;
-@@ -398,48 +449,18 @@
+- if (_XlcLocaleDirName(lc_dir, lc_name) == NULL) return (XIM)0;
++ if (_XlcLocaleDirName(lc_dir, BUFSIZE, lc_name) == NULL) return (XIM)0;
+
+ count = lc_count;
for (; count-- > 0; objects_list++) {
if (objects_list->type != XIM_OBJECT ||
strcmp(objects_list->locale_name, lc_name)) continue;
@@ -3111,7 +3170,14 @@
char lc_dir[BUFSIZE];
char *lc_name;
Bool (*im_registerIM)() = (Bool(*)())NULL;
-@@ -475,49 +495,18 @@
+@@ -469,55 +489,24 @@
+
+ lc_name = lcd->core->name;
+
+- if (_XlcLocaleDirName(lc_dir, lc_name) == NULL) return False;
++ if (_XlcLocaleDirName(lc_dir, BUFSIZE, lc_name) == NULL) return False;
+
+ count = lc_count;
for (; count-- > 0; objects_list++) {
if (objects_list->type != XIM_OBJECT ||
strcmp(objects_list->locale_name, lc_name)) continue;
@@ -3174,7 +3240,14 @@
char lc_dir[BUFSIZE];
char *lc_name;
Bool (*im_unregisterIM)() = (Bool(*)())NULL;
-@@ -552,50 +540,21 @@
+@@ -546,56 +534,27 @@
+ #endif
+
+ lc_name = lcd->core->name;
+- if (_XlcLocaleDirName(lc_dir, lc_name) == NULL) return False;
++ if (_XlcLocaleDirName(lc_dir, BUFSIZE, lc_name) == NULL) return False;
+
+ count = lc_count;
for (; count-- > 0; objects_list++) {
if (objects_list->type != XIM_OBJECT ||
strcmp(objects_list->locale_name, lc_name)) continue;
@@ -3241,7 +3314,14 @@
char lc_dir[BUFSIZE];
char *lc_name;
XOM (*om_openOM)() = (XOM(*)())NULL;
-@@ -649,48 +607,16 @@
+@@ -643,54 +601,22 @@
+
+ lc_name = lcd->core->name;
+
+- if (_XlcLocaleDirName(lc_dir, lc_name) == NULL) return (XOM)0;
++ if (_XlcLocaleDirName(lc_dir, BUFSIZE, lc_name) == NULL) return (XOM)0;
+
+ count = lc_count;
for (; count-- > 0; objects_list++) {
if (objects_list->type != XOM_OBJECT ||
strcmp(objects_list->locale_name, lc_name)) continue;
@@ -3296,52 +3376,137 @@
}
return (XOM)om;
}
---- xc/lib/X11/xlibi18n/Xi18nLib.conf~ 2003-02-20 11:27:05.000000000 -0500
-+++ xc/lib/X11/xlibi18n/Xi18nLib.conf 2003-02-20 11:30:59.000000000 -0500
-@@ -23,7 +23,7 @@
+--- xc/lib/X11/XlcPubI.h~ 2003-07-24 14:23:42.000000000 -0500
++++ xc/lib/X11/XlcPubI.h 2003-07-24 14:27:11.000000000 -0500
+@@ -217,6 +217,7 @@
+ extern char *_XlcLocaleDirName(
+ #if NeedFunctionPrototypes
+ char* /* dir_name */,
++ size_t, /* dir_len */
+ char* /* lc_name */
+ #endif
+ );
+--- xc/lib/X11/lcFile.c~ 2003-07-24 14:23:42.000000000 -0500
++++ xc/lib/X11/lcFile.c 2003-07-24 14:27:11.000000000 -0500
+@@ -429,57 +429,75 @@
+ }
- #include <Library.tmpl>
+ char *
+-_XlcLocaleDirName(dir_name, lc_name)
++_XlcLocaleDirName(dir_name, dir_len, lc_name)
+ char *dir_name;
++ size_t dir_len;
+ char *lc_name;
+ {
+- char dir[PATH_MAX], buf[PATH_MAX], *name = NULL;
+- int i, n;
+- char *args[NUM_LOCALEDIR];
+- static char locale_alias[] = LOCALE_ALIAS;
+- char *target_name = (char*)0;
+- char *target_dir = (char*)0;
++ char dir[PATH_MAX], buf[PATH_MAX], *name = NULL;
++ int i, n;
++ char *args[NUM_LOCALEDIR];
++ static char locale_alias[] = LOCALE_ALIAS;
++ char *target_name = (char*)0;
++ char *target_dir = (char*)0;
--#ifdef HPArchitecture && OSMajorVersion > 9
-+#if defined(HPArchitecture) && OSMajorVersion > 9
- EXTRA_SHLIBLDFLAGS = +s +b $(USRLIBDIR)
- #else
- EXTRA_SHLIBLDFLAGS =
-@@ -47,8 +47,6 @@
- $(RM) $@
- $(CC) -c $(CFLAGS) $(_NOOP_) $(SHLIBDEF) $(SHAREDCODEDEF) $(PICFLAGS) $*.c
-
--DependTarget()
+- xlocaledir (dir, PATH_MAX);
+- n = _XlcParsePath(dir, args, 256);
+- for (i = 0; i < n; ++i){
+- if ((2 + (args[i] ? strlen(args[i]) : 0) +
+- strlen(locale_alias)) < PATH_MAX) {
+- sprintf (buf, "%s/%s", args[i], locale_alias);
+- name = resolve_name(lc_name, buf, LtoR);
++ xlocaledir (dir, PATH_MAX);
++ n = _XlcParsePath(dir, args, 256);
++ for (i = 0; i < n; ++i) {
++
++ if ((2 + (args[i] ? strlen(args[i]) : 0) +
++ strlen(locale_alias)) < PATH_MAX) {
++ sprintf (buf, "%s/%s", args[i], locale_alias);
++ name = resolve_name(lc_name, buf, LtoR);
++ }
++
++ /* If name is not an alias, use lc_name for locale.dir search */
++ if (name == NULL)
++ name = lc_name;
++
++ /* look at locale.dir */
++
++ target_dir = args[i];
++ if (!target_dir) {
++ /* something wrong */
++ if (name != lc_name)
++ Xfree(name);
++ continue;
++ }
++ if ((1 + (target_dir ? strlen (target_dir) : 0) +
++ strlen("locale.dir")) < PATH_MAX) {
++ sprintf(buf, "%s/locale.dir", target_dir);
++ target_name = resolve_name(name, buf, RtoL);
++ }
++ if (name != lc_name)
++ Xfree(name);
++ if (target_name != NULL) {
++ char *p = 0;
++ if ((p = strstr(target_name, "/XLC_LOCALE"))) {
++ *p = '\0';
++ break;
++ }
++ Xfree(target_name);
++ target_name = NULL;
++ }
++ name = NULL;
+ }
-
- clean::
- rm -rf *.so.$(SOXI18NREV)
-
-@@ -56,8 +54,8 @@
- $(LINT) $(LINTFLAGS) $(SRCS) $(LINTLIBS)
-
- #ifndef Xi18nLibraryTarget
--#if 0
--#define Xi18nLibraryTarget(libname) @@\
-+# if 0 /* !CrossCompiling */
-+# define Xi18nLibraryTarget(libname) @@\
- all:: libname.so.$(SOXI18NREV) @@\
- libname.so.$(SOXI18NREV): $(OBJS) @@\
- $(RM) $@~ @@\
-@@ -69,13 +67,14 @@
- else (set -x; $(MKDIRHIER) $(DESTDIR)$(XLOCALEDIR)/$(POSTLOCALE)); fi @@\
- $(RM) $(DESTDIR)$(XLOCALEDIR)/$(POSTLOCALE)/libname.so.$(SOXI18NREV) @@\
- $(INSTALL) $(INSTALLFLAGS) $(INSTLIBFLAGS) libname.so.$(SOXI18NREV) $(DESTDIR)$(XLOCALEDIR)/$(POSTLOCALE)
--#else
--#define Xi18nLibraryTarget(libname) @@\
-+# else
-+# define Xi18nLibraryTarget(libname) @@\
-+DependTarget() @@\
- SharedLibraryTarget(libname,$(SOXI18NREV),$(OBJS),.,.) @@\
- install:: Concat(lib,libname.so.$(SOXI18NREV)) @@\
- MakeDir($(DESTDIR)$(XLOCALEDIR)/$(POSTLOCALE)) @@\
- $(RM) $(DESTDIR)$(XLOCALEDIR)/$(POSTLOCALE)/libname.so.$(SOXI18NREV) @@\
- $(INSTALL) $(INSTALLFLAGS) $(INSTLIBFLAGS) Concat(lib,libname.so.$(SOXI18NREV)) $(DESTDIR)$(XLOCALEDIR)/$(POSTLOCALE)/libname.so.$(SOXI18NREV)
-
--#endif
-+# endif
- #endif
+- /* If name is not an alias, use lc_name for locale.dir search */
+- if (name == NULL)
+- name = lc_name;
+-
+- /* look at locale.dir */
+-
+- target_dir = args[i];
+- if (!target_dir) {
+- /* something wrong */
+- continue;
+- }
+- if ((1 + (target_dir ? strlen (target_dir) : 0) +
+- strlen("locale.dir")) < PATH_MAX) {
+- sprintf(buf, "%s/locale.dir", target_dir);
+- target_name = resolve_name(name, buf, RtoL);
++ if (target_name == NULL) {
++ /* vendor locale name == Xlocale name, no expansion of alias */
++ target_dir = args[0];
++ target_name = lc_name;
+ }
+- if (target_name != NULL) {
+- char *p = 0;
+- if ((p = strstr(target_name, "/XLC_LOCALE"))) {
+- *p = '\0';
+- break;
+- }
++ /* snprintf(dir_name, dir_len, "%s/%", target_dir, target_name); */
++ strncpy(dir_name, target_dir, dir_len - 1);
++ if (strlen(target_dir) >= dir_len - 1) {
++ dir_name[dir_len - 1] = '\0';
++ } else {
++ strcat(dir_name, "/");
++ strncat(dir_name, target_name, dir_len - strlen(dir_name) - 1);
++ if (strlen(target_name) >= dir_len - strlen(dir_name) - 1)
++ dir_name[dir_len - 1] = '\0';
+ }
+- }
+- if (target_name == NULL) {
+- /* vendor locale name == Xlocale name, no expansion of alias */
+- target_dir = args[0];
+- target_name = lc_name;
+- }
+- strcpy(dir_name, target_dir);
+- strcat(dir_name, "/");
+- strcat(dir_name, target_name);
+- return dir_name;
++ if (target_name != lc_name)
++ Xfree(target_name);
++ return dir_name;
+ }
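Review bot: The rewritten tail of _XlcLocaleDirName() bounds the write but still returns dir_name when the path did not fit, so a truncated directory is handed back as if it were valid; every caller visible in this patch only tests for NULL, and _XlcDynamicLoad then passes lc_dir on to resolve_object(). Returning NULL when the combined length of target_dir, the slash and target_name does not fit in dir_len would let those existing checks reject an oversized path, and it removes the strncpy/strncat arithmetic, whose second length test runs after the append and so no longer measures anything. The commented-out snprintf above it has a malformed format (`"%s/%"`) and should be dropped or corrected to `"%s/%s"`. Separately, `_XlcParsePath(dir, args, 256)` passes a literal 256 for an array declared `args[NUM_LOCALEDIR]`; if that constant is smaller than 256 (its value is not shown here) the call should pass `NUM_LOCALEDIR` instead.

```c
    /* ... unchanged: locale.alias / locale.dir lookup loop and args[0] fallback ... */

    /* A truncated path is not a usable locale directory: fail instead,
       so the callers' existing NULL checks reject it. */
    if (strlen(target_dir) + 1 + strlen(target_name) >= dir_len) {
	if (target_name != lc_name)
	    Xfree(target_name);
	return NULL;
    }
    strcpy(dir_name, target_dir);
    strcat(dir_name, "/");
    strcat(dir_name, target_name);
    /* ... unchanged: free target_name if it was allocated, return dir_name ... */
```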