authorMike Frysinger <vapier@gentoo.org>2010-11-23 12:53:04 +0000
committerMike Frysinger <vapier@gentoo.org>2010-11-23 12:53:04 +0000
commitc9ad8c5a870dfb529c44d2be8e066d5cdb7e8ad2 (patch)
tree2d853a126d1e9fdd9f41259b447dda50ea88913b
parentVersion bump (diff)
Fix buffer overflows #340145 by Diego Elio Pettenò.
(Portage version: 2.2.0_alpha4/cvs/Linux x86_64)
-rw-r--r--dev-games/hdl_dump/ChangeLog7
-rw-r--r--dev-games/hdl_dump/files/hdl_dump-0.8.6.20060901-fortify.patch45
-rw-r--r--dev-games/hdl_dump/hdl_dump-0.8.6.20060901.ebuild12
3 files changed, 58 insertions, 6 deletions
diff --git a/dev-games/hdl_dump/ChangeLog b/dev-games/hdl_dump/ChangeLog
index ad65555567ce..6c473b5b3387 100644
--- a/dev-games/hdl_dump/ChangeLog
+++ b/dev-games/hdl_dump/ChangeLog
@@ -1,6 +1,11 @@
# ChangeLog for dev-games/hdl_dump
# Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/dev-games/hdl_dump/ChangeLog,v 1.8 2010/05/20 00:39:16 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-games/hdl_dump/ChangeLog,v 1.9 2010/11/23 12:53:04 vapier Exp $
+
+ 23 Nov 2010; Mike Frysinger <vapier@gentoo.org>
+ hdl_dump-0.8.6.20060901.ebuild,
+ +files/hdl_dump-0.8.6.20060901-fortify.patch:
+ Fix buffer overflows #340145 by Diego Elio Pettenò.
20 May 2010; Mike Frysinger <vapier@gentoo.org>
hdl_dump-0.8.6.20060901.ebuild:
diff --git a/dev-games/hdl_dump/files/hdl_dump-0.8.6.20060901-fortify.patch b/dev-games/hdl_dump/files/hdl_dump-0.8.6.20060901-fortify.patch
new file mode 100644
index 000000000000..96f85d4609af
--- /dev/null
+++ b/dev-games/hdl_dump/files/hdl_dump-0.8.6.20060901-fortify.patch
@@ -0,0 +1,45 @@
+http://bugs.gentoo.org/340145
+
+fix buffer overflows in path handling. these defines should only be used
+with host paths, so bumping them up to a larger value should be fine.
+
+--- a/common.h
++++ b/common.h
+@@ -35,7 +35,8 @@
+ C_START
+
+ #if !defined (MAX_PATH)
+-# define MAX_PATH 128
++/* This needs to be at least 256 bytes -- see iin_gi_probe_path */
++# define MAX_PATH 1024
+ #endif
+
+
+--- a/osal.h
++++ b/osal.h
+@@ -62,7 +62,8 @@ typedef struct
+ # define OSAL_HANDLE_INIT { -1 } /* file descriptor */
+ # define OSAL_IS_OPENED(x) ((x).desc != -1)
+
+-# define MAX_PATH 256
++/* This needs to be at least 256 bytes -- see iin_gi_probe_path */
++# define MAX_PATH 1024
+
+ #endif
+ typedef /*@special@*/ /*@only@*/ /*@out@*/ osal_handle_t* osal_handle_p_t;
+
+the magic field is 32 bytes, so strcpy-ing 32 bytes will add a 33rd NUL char.
+this isn't a problem in practice as the 33rd char is "unknown_0x02", but let's
+fix the issue anyways.
+
+--- a/apa.c
++++ b/apa.c
+@@ -1270,7 +1270,7 @@ apa_initialize_ex (hio_t *hio)
+ set_u32 (&header.length, 128 * 1024 * 2);
+ set_u16 (&header.type, 0x0001);
+ set_ps2fs_datetime (&header.created, time (NULL));
+- strcpy (header.mbr.magic, "Sony Computer Entertainment Inc.");
++ memcpy (header.mbr.magic, "Sony Computer Entertainment Inc.", 32);
+ header.mbr.unknown_0x02 = 0x02;
+ set_ps2fs_datetime (&header.mbr.created, time (NULL));
+ set_u32 (&header.checksum, apa_partition_checksum (&header));
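Review bot: Raising `MAX_PATH` to 1024 in the common.h and osal.h hunks enlarges the destination buffers but does not bound the writes into them, so a host path longer than the new size would presumably still overflow. The copy sites themselves (the comment points at iin_gi_probe_path) are not part of this patch, so this is inferred rather than visible. On Linux `PATH_MAX` from `<limits.h>` is 4096, which is larger than 1024. A more durable fix is to bound each copy, e.g. `snprintf (dst, sizeof (dst), "%s", src)` with a truncation check (`dst`/`src` are placeholder names), or at least to use `# define MAX_PATH PATH_MAX`. In the apa.c hunk the literal `32` is tied to the field only by the patch description; `memcpy (header.mbr.magic, "Sony Computer Entertainment Inc.", sizeof (header.mbr.magic));` would keep the length and the field together, assuming `magic` is the 32-byte array the description says it is.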
diff --git a/dev-games/hdl_dump/hdl_dump-0.8.6.20060901.ebuild b/dev-games/hdl_dump/hdl_dump-0.8.6.20060901.ebuild
index 9e0880f7bef2..13aed3f1a7d1 100644
--- a/dev-games/hdl_dump/hdl_dump-0.8.6.20060901.ebuild
+++ b/dev-games/hdl_dump/hdl_dump-0.8.6.20060901.ebuild
@@ -1,9 +1,10 @@
# Copyright 1999-2010 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/dev-games/hdl_dump/hdl_dump-0.8.6.20060901.ebuild,v 1.4 2010/05/20 00:39:16 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-games/hdl_dump/hdl_dump-0.8.6.20060901.ebuild,v 1.5 2010/11/23 12:53:04 vapier Exp $
-EAPI=2
-inherit toolchain-funcs versionator
+EAPI="2"
+
+inherit eutils toolchain-funcs versionator
MY_PV=$(replace_version_separator 3 -)
DESCRIPTION="game installer for playstation 2 HD Loader"
@@ -18,14 +19,15 @@ IUSE=""
S=${WORKDIR}/${PN}
src_prepare() {
+ epatch "${FILESDIR}"/${P}-fortify.patch #340145
sed -i \
-e "s/-O0 -g/${CFLAGS}/" \
-e "s/@\$(CC)/$(tc-getCC)/" \
-e '/LDFLAGS =/d' \
- Makefile || die "sed failed"
+ Makefile || die
}
src_install() {
- dobin hdl_dump || die "dobin failed"
+ dobin hdl_dump || die
dodoc AUTHORS CHANGELOG README TODO
}