dev-db/xbsql: Fix buffer overflow, #434198

Package-Manager: portage-2.2.0_alpha128/cvs/Linux x86_64

4 files changed, 141 insertions, 2 deletions

diff --git a/dev-db/xbsql/ChangeLog b/dev-db/xbsql/ChangeLog
index ef6837439764..4a74b2a83bd5 100644
--- a/dev-db/xbsql/ChangeLog
+++ b/dev-db/xbsql/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for dev-db/xbsql
 # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/dev-db/xbsql/ChangeLog,v 1.11 2012/06/30 17:15:51 jlec Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-db/xbsql/ChangeLog,v 1.12 2012/09/16 14:58:48 jlec Exp $
+
+*xbsql-0.11-r2 (16 Sep 2012)
+
+  16 Sep 2012; Justin Lecher <jlec@gentoo.org> +xbsql-0.11-r2.ebuild,
+  +files/xbsql-0.11-bfr-overflow.patch:
+  Fix buffer overflow, #434198
 
 *xbsql-0.11-r1 (30 Jun 2012)
 
diff --git a/dev-db/xbsql/Manifest b/dev-db/xbsql/Manifest
index 8faedfa9cb3e..8529d4fb5773 100644
--- a/dev-db/xbsql/Manifest
+++ b/dev-db/xbsql/Manifest
@@ -1,8 +1,21 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA256
+
 AUX xbsql-0.11-autotools.patch 495 SHA256 412a86d55b35be897e64443b2d74edecdc453f6d4ce76c933bafc2eda813e583 SHA512 fd5ecfbf5a63393147e305bfa1704848f807f97f0af4c03bdae7ad6be9085a4bd97724fa59aeec903d3020a01f42cd29440b619705d7678d153e8c4a3e59f450 WHIRLPOOL 577b372d279535f9a1d15046321c6ae806bb342e879dd9dfd10b279ae1bc6ea10ec22700504f8a828559e982cd40718c8bd398200bb7a322cfc152e334ab6abe
+AUX xbsql-0.11-bfr-overflow.patch 3015 SHA256 f71393da3c7d55eeb524ad0fde6828f1de5677981d34ffb6e3b41a1289092558 SHA512 37d4f541fa7e85a9297e19d3793f97d80acef07a9131e35ed7dfa5e277aa646463aafe731c47885251171318edca141bfc2b8304a971db7804f3f0a1eb66d329 WHIRLPOOL fe76bbecdd7b44ef83af98a560a1e71c934db28b3fb7312c964b11b0b950b6b76c8029770971994f4292d76d2331384c3d04bfb88183565b8b2d32ea7e4a08aa
 AUX xbsql-0.11-ncurses64.patch 542 SHA256 405c0b239a8b2c5cea8157b5f1dd050df786d55e14fb7092cda36038efb3aab7 SHA512 64148cab80c3d5bc0209e31c0885ea69d3124dc8ad11c57706b71aafe926451928610aeb5dab6639b5a405bcba07d1a3e4588224293d3e4343f76eb194d3aec8 WHIRLPOOL 0ac35294cae79b3ffc28e2d4d109ee76b84891eafbfb9dfb1a8d55966dfe0d7f0e791b9cb276bdf93304eee7b884902129bf2fdb194b4effdf1e7bc02dc7e9ad
 AUX xbsql-0.11-xbase64.patch 2076 SHA256 4da0e870a1ea1f400e752afe4d97a5cb725058244fc197398b0d48c2e08910d6 SHA512 9b1848156f0629a486510a87077c55548b338206331dbf2b7011487ba04bf7986f73b160505defe319b0144cbf617882da760de8f355b81c757166a603931ef3 WHIRLPOOL 4e84bbd9aeab8a7f996a9bc84af05152da300f3de9c00c686b0380799ada190ff0377e7960d92bf00b4b59b2cd20ecc99942c9bafd808e4baeab869d3f7a59c1
 DIST xbsql-0.11.tgz 307392 SHA256 c91836a4c3f138b6e211d4427dce840cd6b30853f0dffaa3bc36d05f8751606a SHA512 caf8a6d8191f7de860008e5ac2628e388097b05999887ec52b91684f6577dd3152dfa164b71a37d84ef70f43ab868dd02b30bc76c88208d4daa85d8e111ea3a4 WHIRLPOOL 0aecbb9725a2bccac9941eebb160d4dc15f8373e22641ed7a6b75c27955cf61b1ec62f59c3c496a3faa3f1ff7887a2658c08149da6cf1cc59214489ed3510919
 EBUILD xbsql-0.11-r1.ebuild 891 SHA256 3956d886c8928db5681e5ebd61d2f7ce4f1ac3c8bc9d489ca3eed624f231edc8 SHA512 3702cbab2d3712c283ceda9f89298484d06ed6b3535ac7a687fe6745ac0d53ad5fec40f6072ce523c903f22f4d43f5b4dd9675fce2156a770885da4fc4670948 WHIRLPOOL cb2f1fb7e79577ebefa86f5a386b5b5d441b26b60f72a908f8f793d6e92085978b39670dece876faa02fb34adeaf8255cb77654a5ac1829df8482d9d8c8c00b6
+EBUILD xbsql-0.11-r2.ebuild 930 SHA256 d9f37e30322812d67c63119e170de77e3ffa4c06388166fd786f36148c41ba8f SHA512 807f6e028dfe0f2343152c0085c6ad4a44222d570cb147a5cf499d0c2739b9ad0e8d831866f7ae44667cfb5fbbd34635e1b71eda1188c4ed8f4e23973ef29311 WHIRLPOOL 81d465ebea36437ed2f03ae61de8c70be6ddbfe5cda24bed81d2988b61cd8b6f95a33b43ddc2951d6f901131c5777e86b1f870410a8bbca6d05085378f77849d
 EBUILD xbsql-0.11.ebuild 664 SHA256 18e70a6623340d97903cab91b1f1db66c6870a488aca642f97c00ca6221e4910 SHA512 f5dbebe698a739d0b4e667cad18217facb5578c359e8198d3037208a306edf19aeaa8a6c04f73de89c71ebae5b4f89bdfe4ccaede7932e4b36394669d9cf7154 WHIRLPOOL 1deb83d95f24a6e32aebbf4b70e01c980c4fd4217f86e18fa65397fa688d48b46e678de098e5e195bb66dcd1f93183df3f14c48df99cf9bd6ebc3f0cb0a701c7
-MISC ChangeLog 1404 SHA256 2ebfd9a174c6ae762e306d170e985faf23ff1aaa9fc4742016411e2b3584c6ae SHA512 6d3adcce093d7d30ac45ddbad73108810d8b1c302b58e86985c6d8a698d382c17a4db620e024bf5ed3f5b35ce9af98d0ffa358a360f4a9688ec7343dd924984c WHIRLPOOL 6886ac74ae7a183d680c9f483df89584673931069726eb3709a5d00b2dd2cb6fc2d2765719a9fe9e84d8f23cdef5f041f16b4f075bc00d82a10e9d1733e40fc0
+MISC ChangeLog 1576 SHA256 b94f295e3c2c92f2d3573132ba76c8236c6c66063120241b8316f751d1045715 SHA512 c987340b971fe22fade8b5ad34175606d2ce21d2f218d67b359b4e6c45446bed9b7a372178997bec9b9257863f58b4dadd6ccc5880631a39271b2ad34ea97065 WHIRLPOOL 38ed2a9d1a4c8a3ff0d676ddbe956a2d67bff034bf4b41b102d1f5fb22ea59ffcb84b8795d97df272fda3edfe3decbb8f3fe4e4e338d2b824efbc9a208710b85
 MISC metadata.xml 214 SHA256 0e019c1dee563e5b23815be471ae1b65fcaf721a91ec48037446d41ca787d3e5 SHA512 701b8c51f43f8660d40700929c243a2dae9f19dcbc7b8eca877e20eadc1ae2e0c84f7c7d8c3cb576055c1a49a55e9c759ef469eeda67026ce252d341937f6691 WHIRLPOOL 977119e736e0795137df14faae681f7fa07ba8297a19ef4a7d7b93de7efceaed16f7103f179a762be41b8849c33c535b55d16d2fd0ea795df0525592752e0156
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.19 (GNU/Linux)
+Comment: GPGTools - http://gpgtools.org
+
+iEYEAREIAAYFAlBV6S0ACgkQgAnW8HDreRa0fQCgoktXXZfao47RImOgfflIpWb+
+5H8An3aj2ZdeiZ+vxL5u1jlURhRhiHsm
+=K4vQ
+-----END PGP SIGNATURE-----
diff --git a/dev-db/xbsql/files/xbsql-0.11-bfr-overflow.patch b/dev-db/xbsql/files/xbsql-0.11-bfr-overflow.patch
new file mode 100644
index 000000000000..1615fb4d4389
--- /dev/null
+++ b/dev-db/xbsql/files/xbsql-0.11-bfr-overflow.patch
@@ -0,0 +1,79 @@
+ xbsql/xb_fieldset.cpp |  6 +++---
+ xbsql/xbsql.cpp       | 20 ++++++++++----------
+ 2 files changed, 13 insertions(+), 13 deletions(-)
+
+diff --git a/xbsql/xb_fieldset.cpp b/xbsql/xb_fieldset.cpp
+index ea9e726..f922ed3 100644
+--- a/xbsql/xb_fieldset.cpp
++++ b/xbsql/xb_fieldset.cpp
+@@ -58,10 +58,10 @@ XBSQL::Index
+ 	if ((fldno < 0) || (fldno >= fieldSet.getNumFields()))
+ 		return	XBSQL::IndexNone	;
+ 
+-	char	buff[255]	;
+-	strncpy	(buff, tabname,		    sizeof(buff)) ;
++	char	buff[256]	;
++	strncpy	(buff, tabname,		    sizeof(buff) - 1) ;
+ 	strncat	(buff, "_",		    sizeof(buff)) ;
+-	strncat	(buff, getFieldName(fldno), sizeof(buff)) ;
++	strncat	(buff, getFieldName(fldno), sizeof(buff) - strlen(tabname) - 1) ;
+ 
+ 	const char *path = xbase->getPath (buff, "ndx")	;
+ 	int	fd	 = open (path, O_RDONLY)	;
+diff --git a/xbsql/xbsql.cpp b/xbsql/xbsql.cpp
+index 9d07f88..96304c4 100644
+--- a/xbsql/xbsql.cpp
++++ b/xbsql/xbsql.cpp
+@@ -376,9 +376,9 @@ bool	XBaseSQL::createTable
+ 			char	name	[256]	   ;
+ 			xbNdx 	ndxFile	(&dbfFile) ;
+ 
+-			strncpy	(name, table,			sizeof(name)) ;
++			strncpy	(name, table,			sizeof(name) - 1) ;
+ 			strncat	(name, "_",   			sizeof(name)) ;
+-			strncat	(name, schema[idx].FieldName,	sizeof(name)) ;
++			strncat	(name, schema[idx].FieldName,	sizeof(name) - strlen(table) - 1) ;
+ 
+ 			path	= getPath (name, "ndx") ;
+ 			idxflag	= index[idx] == XBSQL::IndexUnique ?
+@@ -467,9 +467,9 @@ XBSQLTable *XBaseSQL::openTable
+ 	{
+ 		char	name[256]	;
+ 
+-		strncpy	(name, table,			sizeof(name)) ;
++		strncpy	(name, table,			sizeof(name) - 1) ;
+ 		strncat	(name, "_",			sizeof(name)) ;
+-		strncat	(name, fSet.getFieldName (idx),	sizeof(name)) ;
++		strncat	(name, fSet.getFieldName (idx),	sizeof(name) - strlen(table) - 1) ;
+ 
+ 		path	= getPath (name, "ndx") ;
+ #ifndef _WIN32
+@@ -873,12 +873,12 @@ bool	XBaseSQL::renameTable
+ 			char		_newName[256]	;
+ 			const char	*fname	= fSet.getFieldName (idx) ;
+ 
+-			strncpy	(_oldName, oldName, sizeof(_oldName)) ;
++			strncpy	(_oldName, oldName, sizeof(_oldName) - 1) ;
+ 			strncat	(_oldName, "_",     sizeof(_oldName)) ;
+-			strncat	(_oldName, fname,   sizeof(_oldName)) ;
+-			strncpy	(_newName, newName, sizeof(_newName)) ;
++			strncat	(_oldName, fname,   sizeof(_oldName) - strlen(oldName) - 1) ;
++			strncpy	(_newName, newName, sizeof(_newName) - 1) ;
+ 			strncat	(_newName, "_",	    sizeof(_newName)) ;
+-			strncat	(_newName, fname,   sizeof(_newName)) ;
++			strncat	(_newName, fname,   sizeof(_newName) - strlen(newName) - 1) ;
+ 
+ 			oldAnon	= getPath (_oldName, "ndx") ;
+ 			newAnon	= getPath (_newName, "ndx") ;
+@@ -956,9 +956,9 @@ bool	XBaseSQL::dropTable
+ 			char		_idxName[256]	;
+ 			const char	*fname	= fSet.getFieldName (idx) ;
+ 
+-			strncpy	(_idxName, table, sizeof(_idxName)) ;
++			strncpy	(_idxName, table, sizeof(_idxName) - 1) ;
+ 			strncat	(_idxName, "_",   sizeof(_idxName)) ;
+-			strncat	(_idxName, fname, sizeof(_idxName)) ;
++			strncat	(_idxName, fname, sizeof(_idxName) - strlen(table) - 1) ;
+ 
+ 			tabAnon	= getPath (_idxName, "ndx") ;
+ 
diff --git a/dev-db/xbsql/xbsql-0.11-r2.ebuild b/dev-db/xbsql/xbsql-0.11-r2.ebuild
new file mode 100644
index 000000000000..27cf1a2f720b
--- /dev/null
+++ b/dev-db/xbsql/xbsql-0.11-r2.ebuild
@@ -0,0 +1,41 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/dev-db/xbsql/xbsql-0.11-r2.ebuild,v 1.1 2012/09/16 14:58:48 jlec Exp $
+
+EAPI=4
+
+AUTOTOOLS_AUTORECONF=yes
+
+inherit autotools-utils
+
+DESCRIPTION="An SQL Wrapper for the XBase library"
+HOMEPAGE="http://www.rekallrevealed.org/"
+SRC_URI="http://www.rekallrevealed.org/packages/${P}.tgz"
+
+SLOT="0"
+LICENSE="GPL-2"
+KEYWORDS="~amd64 ~ppc ~x86"
+IUSE="doc static-libs"
+
+RDEPEND="
+	>=dev-db/xbase-3.1.2
+	sys-libs/readline"
+DEPEND="${RDEPEND}
+	sys-devel/automake
+	sys-devel/libtool"
+
+PATCHES=(
+	"${FILESDIR}"/${P}-ncurses64.patch
+	"${FILESDIR}"/${P}-xbase64.patch
+	"${FILESDIR}"/${P}-autotools.patch
+	"${FILESDIR}"/${P}-bfr-overflow.patch
+)
+
+DOCS=( AUTHORS Announce ChangeLog INSTALL README TODO )
+
+AUTOTOOLS_IN_SOURCE_BUILD=1
+
+src_install() {
+	autotools-utils_src_install
+	use doc && dohtml doc/*
+}