Gentoo Archives: gentoo-commits

From: "Robin H. Johnson (robbat2)" <robbat2@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in net-mail/qmailadmin/files: qmailadmin-1.2.12-quota-overflow.patch
Date: Wed, 26 Jan 2011 01:49:40
Message-Id: 20110126014929.D1AAD20057@flycatcher.gentoo.org
1 robbat2 11/01/26 01:49:29
2
3 Added: qmailadmin-1.2.12-quota-overflow.patch
4 Log:
5 Bug #269123: fix quota overflow security vulns.
6
7 (Portage version: 2.2.0_alpha19/cvs/Linux x86_64)
8
9 Revision Changes Path
10 1.1 net-mail/qmailadmin/files/qmailadmin-1.2.12-quota-overflow.patch
11
12 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-mail/qmailadmin/files/qmailadmin-1.2.12-quota-overflow.patch?rev=1.1&view=markup
13 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-mail/qmailadmin/files/qmailadmin-1.2.12-quota-overflow.patch?rev=1.1&content-type=text/plain
14
15 Index: qmailadmin-1.2.12-quota-overflow.patch
16 ===================================================================
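--- a/util.c
+++ b/util.c
@@ -19,10 +19,11 @@
 
 #include <stdio.h>
 #include <stdlib.h>
+#include <stddef.h>
+#include <errno.h>
 #include <string.h>
 #include <unistd.h>
 #include <sys/stat.h>
-#include <unistd.h>
 #include <pwd.h>
 #include <dirent.h>
 #include <ctype.h>
@@ -352,41 +353,70 @@ char *get_quota_used(char *dir) {
 back to bytes for vpasswd file
 return value: 0 for success, 1 for failure
 */
-int quota_to_bytes(char returnval[], char *quota) {
+int quota_to_bytes(char returnval[], const char *quota) {
 double tmp;
+ int err = 0;
 
 if (quota == NULL) { return 1; }
- if ((tmp = atof(quota))) {
- tmp *= 1048576;
- sprintf(returnval, "%.0lf", tmp);
- return 0;
+
+ /* first set errno to 0 to determine if an error occurs */
+ errno = 0;
+ tmp = strtod(quota, NULL);
+ err = errno;
+ if (err != 0) {
+ perror("quota_to_bytes");
+ return 1;
 } else {
- strcpy (returnval, "");
- return 1;
+ tmp *= (1024*1024);
+ err = sprintf(returnval, "%.0lf", tmp);
+ if (err > 0) {
+ return 0;
+ } else {
+ returnval[0] = '\0';
+ return 1;
+ }
 }
 }
 /* quota_to_megabytes: used to convert vpasswd representation of quota
 to number of megabytes.
 return value: 0 for success, 1 for failure
 */
-int quota_to_megabytes(char *returnval, char *quota) {
+int quota_to_megabytes(char *returnval, const char *quota) {
 double tmp;
- int i;
+ int err = 0;
+ size_t i;
 
 if (quota == NULL) { return 1; }
 i = strlen(quota);
+
+ errno = 0;
+ tmp = strtod(quota, NULL);
+ err = errno;
+ if (err != 0) {
+ perror("quota_to_megabytes");
+ return 1;
+ }
+
 if ((quota[i-1] == 'M') || (quota[i-1] == 'm')) {
- tmp = atol(quota); /* already in megabytes */
+ /* already in megabytes */
 } else if ((quota[i-1] == 'K') || (quota[i-1] == 'k')) {
- tmp = atol(quota) * 1024; /* convert kilobytes to megabytes */
- } else if ((tmp = atol(quota))) {
- tmp /= 1048576.0;
+ /* convert kilobytes to megabytes */
+ tmp *= 1024;
+ } else if (tmp != 0) {
+ /* convert bytes to megabytes */
+ tmp /= (1024*1024);
 } else {
- strcpy (returnval, "");
- return 1;
+ returnval[0] = '\0';
+ return 1;
+ }
+
+ err = sprintf(returnval, "%.2lf", tmp);
+ if (err > 0) {
+ return 0;
+ } else {
+ returnval[0] = '\0';
+ return 1;
 }
- sprintf(returnval, "%.2lf", tmp);
- return 0;
 }
 
 void print_user_index (char *action, int colspan, char *user, char *dom, time_t mytime)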
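Review bot: The unbounded `sprintf(returnval, ...)` calls in quota_to_bytes and quota_to_megabytes can still write past the caller's buffer, because the new errno check only rejects values that strtod() itself reports as out of range. A very large but representable value, or an infinity/NaN spelling, parses with errno left at 0 and formats to far more characters than a quota field needs; the size of returnval is not visible in this hunk, so this assumes callers pass a small fixed array. Bound the value before formatting, e.g. `if (!(tmp >= 0.0 && tmp <= QUOTA_LIMIT)) { returnval[0] = '\0'; return 1; }`, where QUOTA_LIMIT is a placeholder for a limit whose formatted length fits the caller's buffer. In quota_to_megabytes, `quota[i-1]` is also read when quota is the empty string, and with `i` now a size_t the index wraps around; add `if (i == 0) { returnval[0] = '\0'; return 1; }` right after the strlen() call. The two errno failure paths also return 1 without clearing returnval, unlike the other failure paths, so a caller that ignores the return value would read whatever the buffer held before.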
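--- a/util.h
+++ b/util.h
@@ -25,8 +25,8 @@ void str_replace (char *, char, char);
 
 void qmail_button(char *modu, char *command, char *user, char *dom, time_t mytime, char *png);
 
-int quota_to_bytes(char[], char*); //jhopper prototype
-int quota_to_megabytes(char[], char*); //jhopper prototype
+int quota_to_bytes(char[], const char*); //jhopper prototype
+int quota_to_megabytes(char[], const char*); //jhopper prototype
 
 void print_user_index (char *action, int colspan, char *user, char *dom, time_t mytime);
 char *cgiurl (char *action);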