Hi, Attached is the diff for my cscope 15.5+cvs20050816-1.1 NMU. (Actually it's just the patch already attached to this bug + a changelog entry.)
Cheers, Julien
diff -u cscope-15.5+cvs20050816/debian/changelog
cscope-15.5+cvs20050816/debian/changelog
--- cscope-15.5+cvs20050816/debian/changelog
+++ cscope-15.5+cvs20050816/debian/changelog
@@ -1,3 +1,11 @@
+cscope (15.5+cvs20050816-1.1) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * Apply patch from Alec Berryman <[EMAIL PROTECTED]> to fix
+ CVE-2004-2541.diff (Closes: #340177).
+
+ -- Julien Cristau <[EMAIL PROTECTED]> Sat, 10 Jun 2006 20:06:36 +0200
+
cscope (15.5+cvs20050816-1) unstable; urgency=low
* New upstream CVS as of 2005-08-16. Fixes the following in Debian BTS:
only in patch2:
unchanged:
--- cscope-15.5+cvs20050816.orig/src/build.c
+++ cscope-15.5+cvs20050816/src/build.c
@@ -220,7 +220,7 @@
(void) strcpy(newdir, "$HOME");
}
else if (strncmp(currentdir, home, strlen(home)) == 0) {
- (void) sprintf(newdir, "$HOME%s", currentdir + strlen(home));
+ (void) snprintf(newdir, sizeof(newdir), "$HOME%s", currentdir +
strlen(home));
}
/* sort the source file names (needed for rebuilding) */
qsort(srcfiles, (unsigned) nsrcfiles, sizeof(char *), compare);
@@ -447,7 +447,7 @@
}
(void) fstat(fileno(postings), &statstruct);
(void) fclose(postings);
- (void) sprintf(sortcommand, "env LC_ALL=C sort -T %s %s",
tmpdir, temp1);
+ (void) snprintf(sortcommand, sizeof(sortcommand), "env LC_ALL=C
sort -T %s %s", tmpdir, temp1);
if ((postings = mypopen(sortcommand, "r")) == NULL) {
(void) fprintf(stderr, "cscope: cannot open pipe to
sort command\n");
cannotindex();
only in patch2:
unchanged:
--- cscope-15.5+cvs20050816.orig/src/command.c
+++ cscope-15.5+cvs20050816/src/command.c
@@ -754,7 +754,7 @@
/* make sure it can be changed */
if (access(newfile, WRITE) != 0) {
- (void) sprintf(msg, "Cannot write to
file %s", newfile);
+ (void) snprintf(msg, sizeof(msg),
"Cannot write to file %s", newfile);
postmsg(msg);
anymarked = NO;
break;
only in patch2:
unchanged:
--- cscope-15.5+cvs20050816.orig/src/dir.c
+++ cscope-15.5+cvs20050816/src/dir.c
@@ -138,7 +138,7 @@
/* compute its path from higher view path source dirs */
for (i = 1; i < nvpsrcdirs; ++i) {
- (void) sprintf(path, "%.*s/%s",
+ (void) snprintf(path, sizeof(path), "%.*s/%s",
PATHLEN - 2 - dir_len,
srcdirs[i], dir);
addsrcdir(path);
@@ -206,7 +206,7 @@
/* compute its path from higher view path source dirs */
for (i = 1; i < nvpsrcdirs; ++i) {
- (void) sprintf(path, "%.*s/%s",
+ (void) snprintf(path, sizeof(path), "%.*s/%s",
PATHLEN - 2 - dir_len,
srcdirs[i], dir);
addincdir(dir, path);
@@ -483,8 +483,6 @@
DIR *dirfile;
int adir_len = strlen(adir);
- /* FIXME: no guards against adir_len > PATHLEN, yet */
-
if ((dirfile = opendir(adir)) != NULL) {
struct dirent *entry;
char path[PATHLEN + 1];
@@ -495,7 +493,7 @@
&& (strcmp("..",entry->d_name) != 0)) {
struct stat buf;
- sprintf(path,"%s/%.*s", adir,
+ snprintf(path, sizeof(path), "%s/%.*s", adir,
PATHLEN - 2 - adir_len,
entry->d_name);
@@ -610,14 +608,14 @@
for (i = 0; i < nincdirs; ++i) {
/* don't include the file from two directories */
- (void) sprintf(name, "%.*s/%s",
+ (void) snprintf(name, sizeof(name), "%.*s/%s",
PATHLEN - 2 - file_len, incnames[i],
file);
if (infilelist(name) == YES) {
break;
}
/* make sure it exists and is readable */
- (void) sprintf(path, "%.*s/%s",
+ (void) snprintf(path, sizeof(path), "%.*s/%s",
PATHLEN - 2 - file_len, incdirs[i],
file);
if (access(compath(path), READ) == 0) {
@@ -661,7 +659,7 @@
/* compute its path from higher view path source dirs */
for (i = 1; i < nvpsrcdirs; ++i) {
- (void) sprintf(path, "%.*s/%s",
+ (void) snprintf(path, sizeof(path), "%.*s/%s",
PATHLEN - 2 - file_len, srcdirs[i],
file);
if (access(compath(path), READ) == 0) {
only in patch2:
unchanged:
--- cscope-15.5+cvs20050816.orig/src/display.c
+++ cscope-15.5+cvs20050816/src/display.c
@@ -481,20 +481,20 @@
/* see if it is empty */
if ((c = getc(refsfound)) == EOF) {
if (findresult != NULL) {
- (void) sprintf(lastmsg, "Egrep %s in this pattern: %s",
+ (void) snprintf(lastmsg, sizeof(lastmsg), "Egrep %s in
this pattern: %s",
findresult, Pattern);
} else if (rc == NOTSYMBOL) {
- (void) sprintf(lastmsg, "This is not a C symbol: %s",
+ (void) snprintf(lastmsg, sizeof(lastmsg), "This is not
a C symbol: %s",
Pattern);
} else if (rc == REGCMPERROR) {
- (void) sprintf(lastmsg, "Error in this regcomp(3)
regular expression: %s",
+ (void) snprintf(lastmsg, sizeof(lastmsg), "Error in
this regcomp(3) regular expression: %s",
Pattern);
} else if (funcexist == NO) {
- (void) sprintf(lastmsg, "Function definition does not
exist: %s",
+ (void) snprintf(lastmsg, sizeof(lastmsg), "Function
definition does not exist: %s",
Pattern);
} else {
- (void) sprintf(lastmsg, "Could not find the %s: %s",
+ (void) snprintf(lastmsg, sizeof(lastmsg), "Could not
find the %s: %s",
fields[field].text2, Pattern);
}
return(NO);
@@ -530,17 +530,17 @@
move(MSGLINE, 0);
clrtoeol();
addstr(what);
- sprintf(msg, "%ld", current);
+ snprintf(msg, sizeof(msg), "%ld", current);
move(MSGLINE, (COLS / 2) - (strlen(msg) / 2));
addstr(msg);
- sprintf(msg, "%ld", max);
+ snprintf(msg, sizeof(msg), "%ld", max);
move(MSGLINE, COLS - strlen(msg));
addstr(msg);
refresh();
}
else if (verbosemode == YES)
{
- sprintf(msg, "> %s %ld of %ld", what, current, max);
+ snprintf(msg, sizeof(msg), "> %s %ld of %ld", what,
current, max);
}
start = now;
@@ -578,7 +578,7 @@
s = sys_errlist[errno];
}
#endif
- (void) sprintf(msg, "%s: %s", text, s);
+ (void) snprintf(msg, sizeof(msg), "%s: %s", text, s);
postmsg(msg);
}
only in patch2:
unchanged:
--- cscope-15.5+cvs20050816.orig/src/edit.c
+++ cscope-15.5+cvs20050816/src/edit.c
@@ -105,9 +105,9 @@
char *s;
file = filepath(file);
- (void) sprintf(msg, "%s +%s %s", mybasename(editor), linenum, file);
+ (void) snprintf(msg, sizeof(msg), "%s +%s %s", mybasename(editor),
linenum, file);
postmsg(msg);
- (void) sprintf(plusnum, lineflag, linenum);
+ (void) snprintf(plusnum, sizeof(plusnum), lineflag, linenum);
/* if this is the more or page commands */
if (strcmp(s = mybasename(editor), "more") == 0 || strcmp(s, "page") ==
0) {
@@ -132,7 +132,7 @@
static char path[PATHLEN + 1];
if (prependpath != NULL && *file != '/') {
- (void) sprintf(path, "%s/%s", prependpath, file);
+ (void) snprintf(path, sizeof(path), "%s/%s", prependpath, file);
file = path;
}
return(file);
only in patch2:
unchanged:
--- cscope-15.5+cvs20050816.orig/src/exec.c
+++ cscope-15.5+cvs20050816/src/exec.c
@@ -124,7 +124,7 @@
/* execute the program or shell script */
(void) execvp(a, args); /* returns only on failure */
- (void) sprintf(msg, "\nCannot exec %s", a);
+ (void) snprintf(msg, sizeof(msg), "\nCannot exec %s", a);
perror(msg); /* display the reason */
askforreturn(); /* wait until the user sees the message */
myexit(1); /* exit the child */
only in patch2:
unchanged:
--- cscope-15.5+cvs20050816.orig/src/find.c
+++ cscope-15.5+cvs20050816/src/find.c
@@ -666,7 +666,7 @@
/* must be an exact match */
/* note: regcomp doesn't recognize ^*keypad$ as a syntax error
unless it is given as a single arg */
- (void) sprintf(buf, "^%s$", s);
+ (void) snprintf(buf, sizeof(buf), "^%s$", s);
if (regcomp (®exp, buf, REG_EXTENDED | REG_NOSUB) != 0) {
return(REGCMPERROR);
}
only in patch2:
unchanged:
--- cscope-15.5+cvs20050816.orig/src/main.c
+++ cscope-15.5+cvs20050816/src/main.c
@@ -350,7 +350,7 @@
/* create the temporary file names */
orig_umask = umask(S_IRWXG|S_IRWXO);
pid = getpid();
- sprintf(tempdirpv, "%s/cscope.%d", tmpdir, pid);
+ snprintf(tempdirpv, sizeof(tempdirpv), "%s/cscope.%d", tmpdir, pid);
if(mkdir(tempdirpv,S_IRWXU))
{
fprintf(stderr, "cscope: Could not create private temp dir
%s\n",tempdirpv);
@@ -358,8 +358,8 @@
}
umask(orig_umask);
- sprintf(temp1, "%s/cscope.1", tempdirpv, pid);
- sprintf(temp2, "%s/cscope.2", tempdirpv, pid);
+ snprintf(temp1, sizeof(temp1), "%s/cscope.1", tempdirpv, pid);
+ snprintf(temp2, sizeof(temp1), "%s/cscope.2", tempdirpv, pid);
/* if running in the foreground */
if (signal(SIGINT, SIG_IGN) != SIG_IGN) {
@@ -379,12 +379,12 @@
* used instead of failing to open a non-existant database in
* the home directory
*/
- sprintf(path, "%s/%s", home, reffile);
+ snprintf(path, sizeof(path), "%s/%s", home, reffile);
if (isuptodate == NO || access(path, READ) == 0) {
reffile = stralloc(path);
- sprintf(path, "%s/%s", home, invname);
+ snprintf(path, sizeof(path), "%s/%s", home, invname);
invname = stralloc(path);
- sprintf(path, "%s/%s", home, invpost);
+ snprintf(path, sizeof(path), "%s/%s", home, invpost);
invpost = stralloc(path);
}
}
only in patch2:
unchanged:
--- cscope-15.5+cvs20050816.orig/src/vpaccess.c
+++ cscope-15.5+cvs20050816/src/vpaccess.c
@@ -49,7 +49,7 @@
if ((returncode = access(path, amode)) == -1 && path[0] != '/') {
vpinit(NULL);
for (i = 1; i < vpndirs; i++) {
- (void) sprintf(buf, "%s/%s", vpdirs[i], path);
+ (void) snprintf(buf, sizeof(buf), "%s/%s", vpdirs[i],
path);
if ((returncode = access(buf, amode)) != -1) {
break;
}
only in patch2:
unchanged:
--- cscope-15.5+cvs20050816.orig/src/vpfopen.c
+++ cscope-15.5+cvs20050816/src/vpfopen.c
@@ -53,7 +53,7 @@
) {
vpinit(NULL);
for (i = 1; i < vpndirs; i++) {
- (void) sprintf(buf, "%s/%s", vpdirs[i], filename);
+ (void) snprintf(buf, sizeof(buf), "%s/%s", vpdirs[i],
filename);
if ((returncode = myfopen(buf, type)) != NULL) {
break;
}
only in patch2:
unchanged:
--- cscope-15.5+cvs20050816.orig/src/vpopen.c
+++ cscope-15.5+cvs20050816/src/vpopen.c
@@ -52,7 +52,7 @@
oflag == OPENFLAG_READ) {
vpinit(NULL);
for (i = 1; i < vpndirs; i++) {
- (void) sprintf(buf, "%s/%s", vpdirs[i], path);
+ (void) snprintf(buf, sizeof(buf), "%s/%s", vpdirs[i],
path);
if ((returncode = myopen(buf, oflag, 0666)) != -1) {
break;
}
signature.asc
Description: Digital signature
