summarylogtreecommitdiffstats
path: root/count-vcards-buffer-overflow.diff
diff options
context:
space:
mode:
Diffstat (limited to 'count-vcards-buffer-overflow.diff')
-rw-r--r--count-vcards-buffer-overflow.diff40
1 files changed, 40 insertions, 0 deletions
diff --git a/count-vcards-buffer-overflow.diff b/count-vcards-buffer-overflow.diff
new file mode 100644
index 00000000000..d2841d73684
--- /dev/null
+++ b/count-vcards-buffer-overflow.diff
@@ -0,0 +1,40 @@
+Fix buffer overflow problem, as reported in
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1356
+
+ -- Rafael Laboissiere <rafael@debian.org> Tue, 01 Jul 2008 17:10:33 +0200
+
+Index: libvc-003.dfsg.1/src/vc.c
+===================================================================
+--- libvc-003.dfsg.1.orig/src/vc.c 2008-07-01 17:19:22.000000000 +0200
++++ libvc-003.dfsg.1/src/vc.c 2008-07-01 17:19:24.000000000 +0200
+@@ -25,6 +25,7 @@
+ #include "vc.h"
+ #include <stdlib.h>
+ #include <string.h>
++#define __USE_GNU
+ #include <stdio.h>
+
+ #define BUF_LEN 80
+@@ -832,14 +833,16 @@
+ int
+ count_vcards (FILE * fp)
+ {
+- char buf[256];
++ char* line = NULL;
++ size_t len = 0;
+ int counter = 0;
+
+- while (EOF != fscanf (fp, "%s\n", buf))
+- {
+- if (0 == strcasecmp (buf, "BEGIN:VCARD"))
+- counter++;
+- }
++ while (getline (&line, &len, fp) != EOF)
++ if (0 == strncasecmp (line, "BEGIN:VCARD", 11))
++ counter++;
++
++ if (line)
++ free (line);
+
+ return counter;
+ }