Dear maintainer, I've prepared an NMU for qps (versioned as 1.9.18.6-2.3) and uploaded it to DELAYED/2. Please feel free to tell me if I should delay it longer.
Cheers, gregor -- .''`. http://info.comodo.priv.at/ -- GPG Key IDs: 0x00F3CFE4, 0x8649AA06 : :' : Debian GNU/Linux user, admin, & developer - http://www.debian.org/ `. `' Member of VIBE!AT, SPI Inc., fellow of FSFE | http://got.to/quote/ `- NP: Nirvana: Something In The Way
diff -u qps-1.9.18.6/debian/changelog qps-1.9.18.6/debian/changelog
--- qps-1.9.18.6/debian/changelog
+++ qps-1.9.18.6/debian/changelog
@@ -1,3 +1,12 @@
+qps (1.9.18.6-2.3) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Increased the buffer size like suggested by Wolfgang Weisselberg in the
+ bug report and closed a potential buffer overflow risk (also pointed out
+ at the bug report). Closes: #527444
+
+ -- Philipp Spitzer <philipp+deb...@spitzer.priv.at> Mon, 30 Nov 2009 19:42:18 +0100
+
qps (1.9.18.6-2.2) unstable; urgency=low
* Non-maintainer upload.
only in patch2:
unchanged:
--- qps-1.9.18.6.orig/proc_linux.cpp
+++ qps-1.9.18.6/proc_linux.cpp
@@ -666,7 +666,7 @@
void Procinfo::read_common()
{
char path[80];
- char buf[4096 + 1];
+ char buf[16384 + 1];
char *p;
int n;
@@ -797,7 +797,12 @@
// cpu_time(CPUTIME_IDLE) incorrectly, since it doesn't take the number of
// cpus into account. This is fixed in 2.1.x kernels, and since 2.0.x
// is rather old (and unsuited for SMP anyway) we don't work around it.
- p = strstr(buf, "btime") + 6;
+ p = strstr(buf, "btime ");
+ if (!p) {
+ fprintf(stderr, "Error reading btime\n");
+ abort();
+ }
+ p += 6; // length("btime ")
sscanf(p, "%lu", &boot_time);
}
signature.asc
Description: Digital signature
