222b993679
"Buffer overflow in xli might allow user-complicit attackers to execute arbitrary code via a long title name in a NIFF file, which triggers the overflow during zoom, reduce, or rotate operations." http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3178 Patch from Debian.
40 lines
1.3 KiB
Text
40 lines
1.3 KiB
Text
$NetBSD: patch-af,v 1.1 2005/10/30 17:58:58 salo Exp $
|
|
|
|
Security fix for CVE-2005-3178, from Debian.
|
|
|
|
--- zoom.c.orig 2005-02-28 01:42:39.000000000 +0100
|
|
+++ zoom.c 2005-10-30 18:50:04.000000000 +0100
|
|
@@ -52,28 +52,29 @@
|
|
if (verbose)
|
|
printf(" Zooming image Y axis by %d%%...", yzoom);
|
|
if (changetitle)
|
|
- sprintf(buf, "%s (Y zoom %d%%)", oimage->title, yzoom);
|
|
+ snprintf(buf, BUFSIZ, "%s (Y zoom %d%%)", oimage->title, yzoom);
|
|
}
|
|
else if (!yzoom) {
|
|
if (verbose)
|
|
printf(" Zooming image X axis by %d%%...", xzoom);
|
|
if (changetitle)
|
|
- sprintf(buf, "%s (X zoom %d%%)", oimage->title, xzoom);
|
|
+ snprintf(buf, BUFSIZ, "%s (X zoom %d%%)", oimage->title, xzoom);
|
|
}
|
|
else if (xzoom == yzoom) {
|
|
if (verbose)
|
|
printf(" Zooming image by %d%%...", xzoom);
|
|
if (changetitle)
|
|
- sprintf(buf, "%s (%d%% zoom)", oimage->title, xzoom);
|
|
+ snprintf(buf, BUFSIZ, "%s (%d%% zoom)", oimage->title, xzoom);
|
|
}
|
|
else {
|
|
if (verbose)
|
|
printf(" Zooming image X axis by %d%% and Y axis by %d%%...",
|
|
xzoom, yzoom);
|
|
if (changetitle)
|
|
- sprintf(buf, "%s (X zoom %d%% Y zoom %d%%)", oimage->title,
|
|
+ snprintf(buf, BUFSIZ, "%s (X zoom %d%% Y zoom %d%%)", oimage->title,
|
|
xzoom, yzoom);
|
|
}
|
|
+ buf[BUFSIZ-1] = '\0';
|
|
if (!changetitle)
|
|
strcpy(buf,oimage->title);
|
|
|