Diffstat (limited to 'debian/patches')
-rw-r--r--debian/patches/00list1
-rwxr-xr-xdebian/patches/04-cve-2009-0148.dpatch344
2 files changed, 345 insertions, 0 deletions
diff --git a/debian/patches/00list b/debian/patches/00list
index 759b17a..0eaa22f 100644
--- a/debian/patches/00list
+++ b/debian/patches/00list
@@ -1 +1,2 @@
01-fix-resize-crash-inside-vim
+04-cve-2009-0148
diff --git a/debian/patches/04-cve-2009-0148.dpatch b/debian/patches/04-cve-2009-0148.dpatch
new file mode 100755
index 0000000..8f2125e
--- /dev/null
+++ b/debian/patches/04-cve-2009-0148.dpatch
@@ -0,0 +1,344 @@
+#!/bin/sh /usr/share/dpatch/dpatch-run
+## 04-cve-2009-0148.dpatch
+##
+## DP: Fix for CVE-2009-0148 by Moritz Muehlenhoff and Matthew Murphy
+## DP: Closes: 528510
+
+diff --git a/src/build.c b/src/build.c
+index ada2ea1..717d618 100644
+--- a/src/build.c
++++ b/src/build.c
+@@ -223,7 +223,7 @@ build(void)
+ if (strcmp(currentdir, home) == 0) {
+ strcpy(newdir, "$HOME");
+ } else if (strncmp(currentdir, home, strlen(home)) == 0) {
+- sprintf(newdir, "$HOME%s", currentdir + strlen(home));
++ snprintf(newdir, sizeof(newdir), "$HOME%s", currentdir + strlen(home));
+ }
+ /* sort the source file names (needed for rebuilding) */
+ qsort(srcfiles, nsrcfiles, sizeof(char *), compare);
+@@ -454,7 +454,7 @@ cscope: converting to new symbol database file format\n");
+ }
+ fstat(fileno(postings), &statstruct);
+ fclose(postings);
+- sprintf(sortcommand, "env LC_ALL=C sort -T %s %s", tmpdir, temp1);
++ snprintf(sortcommand, sizeof(sortcommand), "env LC_ALL=C sort -T %s %s", tmpdir, temp1);
+ if ((postings = mypopen(sortcommand, "r")) == NULL) {
+ fprintf(stderr, "cscope: cannot open pipe to sort command\n");
+ cannotindex();
+diff --git a/src/command.c b/src/command.c
+index 0974352..8c9f277 100644
+--- a/src/command.c
++++ b/src/command.c
+@@ -739,7 +739,7 @@ changestring(void)
+
+ /* make sure it can be changed */
+ if (access(newfile, WRITE) != 0) {
+- sprintf(msg, "Cannot write to file %s", newfile);
++ snprintf(msg, sizeof(msg), "Cannot write to file %s", newfile);
+ postmsg(msg);
+ anymarked = NO;
+ break;
+diff --git a/src/dir.c b/src/dir.c
+index 5773231..33fd7d1 100644
+--- a/src/dir.c
++++ b/src/dir.c
+@@ -139,7 +139,7 @@ sourcedir(char *dirlist)
+
+ /* compute its path from higher view path source dirs */
+ for (i = 1; i < nvpsrcdirs; ++i) {
+- sprintf(path, "%.*s/%s",
++ snprintf(path, sizeof(path), "%.*s/%s",
+ PATHLEN - 2 - dir_len,
+ srcdirs[i], dir);
+ addsrcdir(path);
+@@ -207,7 +207,7 @@ includedir(char *dirlist)
+
+ /* compute its path from higher view path source dirs */
+ for (i = 1; i < nvpsrcdirs; ++i) {
+- sprintf(path, "%.*s/%s",
++ snprintf(path, sizeof(path), "%.*s/%s",
+ PATHLEN - 2 - dir_len,
+ srcdirs[i], dir);
+ addincdir(dir, path);
+@@ -482,8 +482,6 @@ scan_dir(const char *adir, BOOL recurse_dir)
+ DIR *dirfile;
+ int adir_len = strlen(adir);
+
+- /* FIXME: no guards against adir_len > PATHLEN, yet */
+-
+ if ((dirfile = opendir(adir)) != NULL) {
+ struct dirent *entry;
+ char path[PATHLEN + 1];
+@@ -494,7 +492,7 @@ scan_dir(const char *adir, BOOL recurse_dir)
+ && (strcmp("..",entry->d_name) != 0)) {
+ struct stat buf;
+
+- sprintf(path,"%s/%.*s", adir,
++ snprintf(path, sizeof(path), "%s/%.*s", adir,
+ PATHLEN - 2 - adir_len,
+ entry->d_name);
+
+@@ -604,14 +602,14 @@ incfile(char *file, char *type)
+ /* search for the file in the #include directory list */
+ for (i = 0; i < nincdirs; ++i) {
+ /* don't include the file from two directories */
+- sprintf(name, "%.*s/%s",
++ snprintf(name, sizeof(name), "%.*s/%s",
+ PATHLEN - 2 - file_len, incnames[i],
+ file);
+ if (infilelist(name) == YES) {
+ break;
+ }
+ /* make sure it exists and is readable */
+- sprintf(path, "%.*s/%s",
++ snprintf(path, sizeof(path), "%.*s/%s",
+ PATHLEN - 2 - file_len, incdirs[i],
+ file);
+ if (access(compath(path), READ) == 0) {
+@@ -659,7 +657,7 @@ inviewpath(char *file)
+
+ /* compute its path from higher view path source dirs */
+ for (i = 1; i < nvpsrcdirs; ++i) {
+- sprintf(path, "%.*s/%s",
++ snprintf(path, sizeof(path), "%.*s/%s",
+ PATHLEN - 2 - file_len, srcdirs[i],
+ file);
+ if (access(compath(path), READ) == 0) {
+diff --git a/src/display.c b/src/display.c
+index 7ef03cb..dc81226 100644
+--- a/src/display.c
++++ b/src/display.c
+@@ -478,20 +478,20 @@ search(void)
+ /* see if it is empty */
+ if ((c = getc(refsfound)) == EOF) {
+ if (findresult != NULL) {
+- (void) sprintf(lastmsg, "Egrep %s in this pattern: %s",
++ (void) snprintf(lastmsg, sizeof(lastmsg), "Egrep %s in this pattern: %s",
+ findresult, Pattern);
+ } else if (rc == NOTSYMBOL) {
+- (void) sprintf(lastmsg, "This is not a C symbol: %s",
++ (void) snprintf(lastmsg, sizeof(lastmsg), "This is not a C symbol: %s",
+ Pattern);
+ } else if (rc == REGCMPERROR) {
+- (void) sprintf(lastmsg, "Error in this regcomp(3) regular expression: %s",
++ (void) snprintf(lastmsg, sizeof(lastmsg), "Error in this regcomp(3) regular expression: %s",
+ Pattern);
+
+ } else if (funcexist == NO) {
+- (void) sprintf(lastmsg, "Function definition does not exist: %s",
++ (void) snprintf(lastmsg, sizeof(lastmsg), "Function definition does not exist: %s",
+ Pattern);
+ } else {
+- (void) sprintf(lastmsg, "Could not find the %s: %s",
++ (void) snprintf(lastmsg, sizeof(lastmsg), "Could not find the %s: %s",
+ fields[field].text2, Pattern);
+ }
+ return(NO);
+@@ -527,17 +527,17 @@ progress(char *what, long current, long max)
+ move(MSGLINE, 0);
+ clrtoeol();
+ addstr(what);
+- sprintf(msg, "%ld", current);
++ snprintf(msg, sizeof(msg), "%ld", current);
+ move(MSGLINE, (COLS / 2) - (strlen(msg) / 2));
+ addstr(msg);
+- sprintf(msg, "%ld", max);
++ snprintf(msg, sizeof(msg), "%ld", max);
+ move(MSGLINE, COLS - strlen(msg));
+ addstr(msg);
+ refresh();
+ }
+ else if (verbosemode == YES)
+ {
+- sprintf(msg, "> %s %ld of %ld", what, current, max);
++ snprintf(msg, sizeof(msg), "> %s %ld of %ld", what, current, max);
+ }
+
+ start = now;
+@@ -575,7 +575,7 @@ myperror(char *text)
+ s = sys_errlist[errno];
+ }
+ #endif
+- (void) sprintf(msg, "%s: %s", text, s);
++ (void) snprintf(msg, sizeof(msg), "%s: %s", text, s);
+ postmsg(msg);
+ }
+
+@@ -647,11 +647,7 @@ posterr(char *msg, ...)
+ (void) vfprintf(stderr, msg, ap);
+ (void) fputc('\n', stderr);
+ } else {
+-#if HAVE_VSNPRINTF
+ vsnprintf(errbuf, sizeof(errbuf), msg, ap);
+-#else
+- vsprintf(errbuf, msg, ap);
+-#endif
+ postmsg2(errbuf);
+ }
+ }
+@@ -664,11 +660,7 @@ postfatal(const char *msg, ...)
+ char errbuf[MSGLEN];
+
+ va_start(ap, msg);
+-#if HAVE_VSNPRINTF
+ vsnprintf(errbuf, sizeof(errbuf), msg, ap);
+-#else
+- vsprintf(errbuf, msg, ap);
+-#endif
+ /* restore the terminal to its original mode */
+ if (incurses == YES) {
+ exitcurses();
+diff --git a/src/edit.c b/src/edit.c
+index 5d97949..89a4296 100644
+--- a/src/edit.c
++++ b/src/edit.c
+@@ -105,9 +105,9 @@ edit(char *file, char *linenum)
+ char *s;
+
+ file = filepath(file);
+- (void) sprintf(msg, "%s +%s %s", mybasename(editor), linenum, file);
++ (void) snprintf(msg, sizeof(msg), "%s +%s %s", mybasename(editor), linenum, file);
+ postmsg(msg);
+- (void) sprintf(plusnum, lineflag, linenum);
++ (void) snprintf(plusnum, sizeof(plusnum), lineflag, linenum);
+ /* if this is the more or page commands */
+ if (strcmp(s = mybasename(editor), "more") == 0 || strcmp(s, "page") == 0) {
+
+@@ -132,7 +132,7 @@ filepath(char *file)
+ static char path[PATHLEN + 1];
+
+ if (prependpath != NULL && *file != '/') {
+- (void) sprintf(path, "%s/%s", prependpath, file);
++ (void) snprintf(path, sizeof(path), "%s/%s", prependpath, file);
+ file = path;
+ }
+ return(file);
+diff --git a/src/exec.c b/src/exec.c
+index 7e4899d..467634e 100644
+--- a/src/exec.c
++++ b/src/exec.c
+@@ -123,7 +123,7 @@ myexecvp(char *a, char **args)
+
+ /* execute the program or shell script */
+ execvp(a, args); /* returns only on failure */
+- sprintf(msg, "\nCannot exec %s", a);
++ snprintf(msg, sizeof(msg), "\nCannot exec %s", a);
+ perror(msg); /* display the reason */
+ askforreturn(); /* wait until the user sees the message */
+ myexit(1); /* exit the child */
+diff --git a/src/find.c b/src/find.c
+index f6a6387..1d0a503 100644
+--- a/src/find.c
++++ b/src/find.c
+@@ -673,7 +673,7 @@ findinit(char *pattern)
+ /* must be an exact match */
+ /* note: regcomp doesn't recognize ^*keypad$ as a syntax error
+ unless it is given as a single arg */
+- (void) sprintf(buf, "^%s$", s);
++ (void) snprintf(buf, sizeof(buf), "^%s$", s);
+ if (regcomp (&regexp, buf, REG_EXTENDED | REG_NOSUB) != 0) {
+ return(REGCMPERROR);
+ }
+diff --git a/src/main.c b/src/main.c
+index ca90ea9..5bca752 100644
+--- a/src/main.c
++++ b/src/main.c
+@@ -359,7 +359,7 @@ cscope: TMPDIR to a valid directory\n");
+ /* create the temporary file names */
+ orig_umask = umask(S_IRWXG|S_IRWXO);
+ pid = getpid();
+- sprintf(tempdirpv, "%s/cscope.%d", tmpdir, pid);
++ snprintf(tempdirpv, sizeof(tempdirpv), "%s/cscope.%d", tmpdir, pid);
+ if(mkdir(tempdirpv,S_IRWXU)) {
+ fprintf(stderr, "\
+ cscope: Could not create private temp dir %s\n",
+@@ -368,8 +368,8 @@ cscope: Could not create private temp dir %s\n",
+ }
+ umask(orig_umask);
+
+- sprintf(temp1, "%s/cscope.1", tempdirpv);
+- sprintf(temp2, "%s/cscope.2", tempdirpv);
++ snprintf(temp1, sizeof(temp1), "%s/cscope.1", tempdirpv);
++ snprintf(temp2, sizeof(temp2), "%s/cscope.2", tempdirpv);
+
+ /* if running in the foreground */
+ if (signal(SIGINT, SIG_IGN) != SIG_IGN) {
+@@ -389,12 +389,12 @@ cscope: Could not create private temp dir %s\n",
+ * used instead of failing to open a non-existant database in
+ * the home directory
+ */
+- sprintf(path, "%s/%s", home, reffile);
++ snprintf(path, sizeof(path), "%s/%s", home, reffile);
+ if (isuptodate == NO || access(path, READ) == 0) {
+ reffile = my_strdup(path);
+- sprintf(path, "%s/%s", home, invname);
++ snprintf(path, sizeof(path), "%s/%s", home, invname);
+ invname = my_strdup(path);
+- sprintf(path, "%s/%s", home, invpost);
++ snprintf(path, sizeof(path), "%s/%s", home, invpost);
+ invpost = my_strdup(path);
+ }
+ }
+@@ -728,22 +728,12 @@ cannotopen(char *file)
+ void
+ cannotwrite(char *file)
+ {
+-#if HAVE_SNPRINTF
+ char msg[MSGLEN + 1];
+
+ snprintf(msg, sizeof(msg), "Removed file %s because write failed", file);
+-#else
+- char *msg = mymalloc(50 + strlen(file));
+-
+- sprintf(msg, "Removed file %s because write failed", file);
+-#endif
+
+ myperror(msg); /* display the reason */
+
+-#if !HAVE_SNPRINTF
+- free(msg);
+-#endif
+-
+ unlink(file);
+ myexit(1); /* calls exit(2), which closes files */
+ }
+diff --git a/src/vpaccess.c b/src/vpaccess.c
+index cb56730..a3a7ad9 100644
+--- a/src/vpaccess.c
++++ b/src/vpaccess.c
+@@ -49,7 +49,7 @@ vpaccess(char *path, mode_t amode)
+ if ((returncode = access(path, amode)) == -1 && path[0] != '/') {
+ vpinit(NULL);
+ for (i = 1; i < vpndirs; i++) {
+- (void) sprintf(buf, "%s/%s", vpdirs[i], path);
++ (void) snprintf(buf, sizeof(buf), "%s/%s", vpdirs[i], path);
+ if ((returncode = access(buf, amode)) != -1) {
+ break;
+ }
+diff --git a/src/vpfopen.c b/src/vpfopen.c
+index bffbc20..b5f592c 100644
+--- a/src/vpfopen.c
++++ b/src/vpfopen.c
+@@ -53,7 +53,7 @@ vpfopen(char *filename, char *type)
+ ) {
+ vpinit(NULL);
+ for (i = 1; i < vpndirs; i++) {
+- (void) sprintf(buf, "%s/%s", vpdirs[i], filename);
++ (void) snprintf(buf, sizeof(buf), "%s/%s", vpdirs[i], filename);
+ if ((returncode = myfopen(buf, type)) != NULL) {
+ break;
+ }
+diff --git a/src/vpopen.c b/src/vpopen.c
+index 777f168..de7cc53 100644
+--- a/src/vpopen.c
++++ b/src/vpopen.c
+@@ -52,7 +52,7 @@ vpopen(char *path, int oflag)
+ oflag == OPENFLAG_READ) {
+ vpinit(NULL);
+ for (i = 1; i < vpndirs; i++) {
+- (void) sprintf(buf, "%s/%s", vpdirs[i], path);
++ (void) snprintf(buf, sizeof(buf), "%s/%s", vpdirs[i], path);
+ if ((returncode = myopen(buf, oflag, 0666)) != -1) {
+ break;
+ }
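Review bot: None of the snprintf() calls introduced by the embedded patch checks the return value, so an over-long input is now silently truncated and the shortened string is still used; the clearest cases are src/build.c, where the truncated `sortcommand` is handed to mypopen(), and src/find.c, where truncating `"^%s$"` drops the closing `$` and turns the exact-match pattern into a prefix match. The path builders in src/dir.c, src/edit.c, src/main.c and the three vp*.c files have the same shape, so access()/open/my_strdup() then operate on a path that is not the one requested (the enclosing functions extend beyond the hunks, so any earlier length checks are not visible here). I would test each result, for example with an `int n`: `n = snprintf(sortcommand, sizeof(sortcommand), "env LC_ALL=C sort -T %s %s", tmpdir, temp1);` then `if (n < 0 || (size_t)n >= sizeof(sortcommand)) { cannotindex(); }`, and skip the candidate in the view-path loops instead of probing a truncated name. In scan_dir the precision `PATHLEN - 2 - adir_len` still goes negative for a long `adir` (a negative precision is treated as omitted), so deleting the FIXME leaves that case truncated rather than guarded. Separately, src/edit.c still passes `lineflag` as the format string in `snprintf(plusnum, sizeof(plusnum), lineflag, linenum)`; if that value can come from user configuration, which the hunk does not show, bounding the write does not constrain the format itself and it should be validated to contain a single `%s`.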