Your message dated Tue, 30 Jan 2007 20:32:04 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#409062: fixed in kaya 0.2.0-6
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: kaya
Version: 0.2.0-5
Severity: grave
Tags: security patch
Justification: user security hole
Kaya 0.2.4 fixes some data loss bugs and security problems (one buffer
overflow, one cross-site scripting and data leak) in the standard
library. Since it is too late in the Etch release cycle to package
0.2.4, the attached patches should fix the problems for 0.2.0 (only four
functions in two files are affected)
Thanks for your work in packaging Kaya for Debian
-- System Information:
Debian Release: 4.0
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.4.27
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
--- rts/stdfuns.cc 2006-06-27 10:29:33.000000000 +0100
+++ rts/stdfuns.cc.new 2007-01-29 18:45:57.000000000 +0000
@@ -45,6 +45,9 @@
#include "VMState.h"
#include "KayaAPI.h"
+// Read lines from files this many characters at a time
+#define LINE_CHUNK 1024
+
KayaArray args;
ArgMap httpargs;
@@ -117,20 +120,80 @@
wchar_t* getLine(FILE* f)
{
-// I know there's a better way. Can't be bothered.
- char* buf=(char*)GC_MALLOC_ATOMIC(4096*sizeof(char));
- fgets(buf,4096,f);
- return strtowc(buf);
+ unsigned size = LINE_CHUNK; // #define at top of file
+ // buffer to read into
+ char* buf=(char*)GC_MALLOC_ATOMIC(LINE_CHUNK*sizeof(char)+1);
+ // accumulator for result; but only allocate it when it turns out to be
+ // needed (i.e., when one chunk isn't enough).
+ char* res=NULL;
+ char* r;
+ do {
+ r = fgets(buf,LINE_CHUNK,f);
+ if (r == NULL) { // End of file, or read error. FIXME: Check which.
+ if (res==NULL)
+ {
+ // Fail silently (should this throw an exception?)
+ return L"";
+ } else {
+ // File finished without a newline, return what we've got.
+ return strtowc(res);
+ }
+ }
+ if (res==NULL) {
+ // FIXME: We're relying on \n or \r\n line endings. How much
+ // can we rely on this?
+ // C defines \n to be the native newline when reading
+ // or writing files in text mode so maybe we're okay...
+ if (strlen(buf)<(size-1) || buf[LINE_CHUNK-2]=='\n') {
+ return strtowc(buf); // Success in one chunk
+ }
+ // Begin allocation for accumulator and carry on as normal.
+ size += LINE_CHUNK-1;
+ res = (char*)GC_MALLOC_ATOMIC(size*sizeof(char)+1);
+ strcpy(res,buf);
+ }
+ else {
+ strcat(res,buf);
+ if (strlen(res)<(size-1) || buf[LINE_CHUNK-2]=='\n') {
+ // Finished successfully
+ return strtowc(res);
+ } else {
+ size += LINE_CHUNK-1; // -1 to account for null termination of
+ // string read into buf
+ res = (char*)GC_REALLOC(res, size*sizeof(char)+1);
+ }
+ }
+ } while (r!=NULL);
+ return L""; // Failed, although we shouldn't get here
}
wchar_t* getString(FILE* f)
{
-// I know there's a better way. Can't be bothered.
- char* buf=(char*)GC_MALLOC_ATOMIC(4096*sizeof(char));
+ unsigned size = LINE_CHUNK; // #define at top of file
+ // buffer to read into
+ char* buf=(char*)GC_MALLOC_ATOMIC(LINE_CHUNK*sizeof(char)+1);
+ // accumulator for result; but only allocate it when it turns out to be
+ // needed (i.e., when one chunk isn't enough).
int i=0;
- while((buf[i++]=fgetc(f))!='\0') {}
- buf[i]='\0';
- return strtowc(buf);
+ do {
+
+ do {
+ int c = fgetc(f);
+ if (c == EOF) {
+ buf[i] = '\0';
+ return strtowc(buf);
+ }
+ buf[i] = (unsigned char)c;
+ if (buf[i] == '\0') {
+ return strtowc(buf);
+ }
+ i++;
+ } while (i%LINE_CHUNK != 0);
+ size += LINE_CHUNK;
+ buf = (char*)GC_REALLOC(buf, size*sizeof(char)+1);
+
+ } while (buf[i] != EOF);
+ return L""; // Failed, although we shouldn't get here
}
void putLine(FILE* f, wchar_t* c)
@@ -532,7 +595,7 @@
}
}
outblock[y]='\0';
- KayaSetInt(outlen,y-1);
+ KayaSetInt(outlen,y);
return outblock;
}
--- stdlib/regex_glue.cc 2006-06-27 10:29:33.000000000 +0100
+++ /home/cim/kaya/stdlib/regex_glue.cc 2007-01-29 18:39:38.000000000 +0000
@@ -3,12 +3,13 @@
#include "regex_glue.h"
#include "Heap.h"
#include "VM.h"
+#include "KayaAPI.h"
void* re_compile(wchar_t* pattern, kint flagcode)
{
const char* error;
int erroffset;
- int regexflags = 0;
+ int regexflags = PCRE_UTF8;
if (flagcode & 1) { regexflags = regexflags | PCRE_CASELESS; }
if (flagcode & 2) { regexflags = regexflags | PCRE_EXTENDED; }
if (flagcode & 4) { regexflags = regexflags | PCRE_MULTILINE; }
@@ -28,28 +29,40 @@
int len = strlen(str);
// cout << rc << endl;
-
+ //cout << str << endl;
if (rc>=0) {
m->matched = true;
m->matches = new Array();
- m->before = (wchar_t*)GC_MALLOC((ovector[0]+1)*sizeof(wchar_t));
+ char* beforetmp = (char*)GC_MALLOC_ATOMIC((ovector[0]+1)*sizeof(char));
+ strncpy(beforetmp,str,ovector[0]);
+ beforetmp[ovector[0]] = '\0';
+ m->before = strtowc(beforetmp);
+
+ /* m->before = (wchar_t*)GC_MALLOC_ATOMIC((ovector[0]+1)*sizeof(wchar_t));
wcsncpy(m->before, strtowc(str),ovector[0]);
m->before[ovector[0]]='\0';
+ cout << ovector[0] << endl; */
int afterlen = len-ovector[1];
- m->after = (wchar_t*)GC_MALLOC((afterlen+1)*sizeof(wchar_t));
+ char* aftertmp = (char*)GC_MALLOC_ATOMIC((afterlen+1)*sizeof(char));
+ strncpy(aftertmp,str+ovector[1],afterlen);
+ aftertmp[afterlen] = '\0';
+ m->after = strtowc(aftertmp);
+
+ /* m->after = (wchar_t*)GC_MALLOC_ATOMIC((afterlen+1)*sizeof(wchar_t));
wcsncpy(m->after, strtowc(str+ovector[1]),afterlen);
- m->after[afterlen]='\0';
+ m->after[afterlen]='\0'; */
for(int i=0;i<rc;i++) {
// cout << ovector[i*2] << "-" << ovector[i*2+1] << endl;
const char* sub;
pcre_get_substring(str, ovector, rc, i, &sub);
- char* val = (char*)GC_MALLOC((strlen(sub)+1)*sizeof(char));
- strcpy(val,sub);
- // this should really use the API!
- m->matches->push_back(new Value(new String(strtowc(val)),KVT_STRING));
+ // char* val = (char*)GC_MALLOC_ATOMIC((strlen(sub)+1)*sizeof(char));
+ // strcpy(val,sub);
+ // this now uses the API!
+ m->matches->push_back(KayaString(KSTRING(sub)));
+ //new Value(new String(strtowc(sub)),KVT_STRING));
}
}
else
--- End Message ---
--- Begin Message ---
Source: kaya
Source-Version: 0.2.0-6
We believe that the bug you reported is fixed in the latest version of
kaya, which is due to be installed in the Debian FTP archive:
kaya_0.2.0-6.diff.gz
to pool/main/k/kaya/kaya_0.2.0-6.diff.gz
kaya_0.2.0-6.dsc
to pool/main/k/kaya/kaya_0.2.0-6.dsc
kaya_0.2.0-6_i386.deb
to pool/main/k/kaya/kaya_0.2.0-6_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Stuart Teasdale <[EMAIL PROTECTED]> (supplier of updated kaya package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 29 Jan 2007 21:32:01 +0000
Source: kaya
Binary: kaya
Architecture: source i386
Version: 0.2.0-6
Distribution: unstable
Urgency: high
Maintainer: Stuart Teasdale <[EMAIL PROTECTED]>
Changed-By: Stuart Teasdale <[EMAIL PROTECTED]>
Description:
kaya - A statically typed, imperative programming language
Closes: 409062
Changes:
kaya (0.2.0-6) unstable; urgency=high
.
* Fixes for several data loss and security problems. Closes: #409062.
Files:
379b30c19825eafca1575521867f055c 678 devel extra kaya_0.2.0-6.dsc
4cd14cd762fcff15a8ad3adad8935be0 39698 devel extra kaya_0.2.0-6.diff.gz
11dbeebe577d0bff87e44a47a27f7dd8 1032246 devel extra kaya_0.2.0-6_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFFv6hSqXWYex+fp+4RAqs8AKCNbartbASOmdPcJ9GCOD0Ry1IwKgCdHcEB
M543va4jU1wmqfFfdfC8zdk=
=xm1y
-----END PGP SIGNATURE-----
--- End Message ---
