author | Loui Chang | 2015-06-24 10:41:29 -0400 |
---|---|---|
committer | Loui Chang | 2015-06-24 10:41:29 -0400 |
commit | 7838ef04cb570bb003871d61bc30b0d84a76c72d (patch) | |
tree | 6c6134e3b20e090af913f18856ac6c01ceed0580 /count-vcards-buffer-overflow.diff | |
download | aur-7838ef04cb570bb003871d61bc30b0d84a76c72d.tar.gz |
libvc: Initial commit
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
Diffstat (limited to 'count-vcards-buffer-overflow.diff')
-rw-r--r-- | count-vcards-buffer-overflow.diff | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/count-vcards-buffer-overflow.diff b/count-vcards-buffer-overflow.diff
new file mode 100644
index 000000000000..d2841d736841
--- /dev/null
+++ b/count-vcards-buffer-overflow.diff
@@ -0,0 +1,40 @@
+Fix buffer overflow problem, as reported in
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1356
+
+ -- Rafael Laboissiere <rafael@debian.org> Tue, 01 Jul 2008 17:10:33 +0200
+
+Index: libvc-003.dfsg.1/src/vc.c
+===================================================================
+--- libvc-003.dfsg.1.orig/src/vc.c 2008-07-01 17:19:22.000000000 +0200
++++ libvc-003.dfsg.1/src/vc.c 2008-07-01 17:19:24.000000000 +0200
+@@ -25,6 +25,7 @@
+ #include "vc.h"
+ #include <stdlib.h>
+ #include <string.h>
++#define __USE_GNU
+ #include <stdio.h>
+
+ #define BUF_LEN 80
+@@ -832,14 +833,16 @@
+ int
+ count_vcards (FILE * fp)
+ {
+- char buf[256];
++ char* line = NULL;
++ size_t len = 0;
+ int counter = 0;
+
+- while (EOF != fscanf (fp, "%s\n", buf))
+- {
+- if (0 == strcasecmp (buf, "BEGIN:VCARD"))
+- counter++;
+- }
++ while (getline (&line, &len, fp) != EOF)
++ if (0 == strncasecmp (line, "BEGIN:VCARD", 11))
++ counter++;
++
++ if (line)
++ free (line);
+
+ return counter;
+ } |
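Review bot: The `#define __USE_GNU` added ahead of `<stdio.h>` in the embedded vc.c patch is a glibc-internal macro and is set only after `<stdlib.h>` and `<string.h>` have been included; the documented way to request `getline` is `#define _GNU_SOURCE` before the first `#include`. The new loop in `count_vcards` compares `getline`'s result with `EOF`, but the function is specified to return -1 on end of file or error, so `while (getline (&line, &len, fp) != -1)` states the contract without relying on the value of `EOF`. Because `strncasecmp (line, "BEGIN:VCARD", 11)` tests only a line prefix, where the removed code compared whole whitespace-delimited tokens, any line that merely starts with that text is now counted and a marker that is not at the start of a line no longer is; a comment such as `/* prefix match: tolerates trailing CR/LF */` would record whether that is intended. The fixed 256-byte stack buffer is gone, but `getline` grows its heap buffer to the longest line in the file, so callers handling untrusted vCard files may still want an upper bound on input size.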