- fix a null pointer deref in atoi().

2011-05-23 17:58:11 +00:00 · 2011-05-23 17:58:11 +00:00 · 877f008310
commit 877f008310
parent 4cdef5803d
2 changed files with 65 additions and 6 deletions
--- a/x11/gnome/file-roller/Makefile
+++ b/x11/gnome/file-roller/Makefile
@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.48 2011/04/26 15:56:07 ajacoutot Exp $
+# $OpenBSD: Makefile,v 1.49 2011/05/23 17:58:11 jasper Exp $

 SHARED_ONLY=		Yes

@ -6,6 +6,7 @@ COMMENT=		archive manager for GNOME

 GNOME_PROJECT=		file-roller
 GNOME_VERSION=		2.32.2
+REVISION=		0

 CATEGORIES=		archivers

--- a/x11/gnome/file-roller/patches/patch-src_fr-command-rpm_c
+++ b/x11/gnome/file-roller/patches/patch-src_fr-command-rpm_c
@ -1,7 +1,65 @@
-$OpenBSD: patch-src_fr-command-rpm_c,v 1.3 2010/04/22 11:45:14 jasper Exp $
--- src/fr-command-rpm.c.orig	Thu Apr 22 13:31:32 2010
-+++ src/fr-command-rpm.c	Thu Apr 22 13:31:45 2010
-@@ -233,7 +233,7 @@ fr_command_rpm_get_capabilities (FrCommand  *comm,
+$OpenBSD: patch-src_fr-command-rpm_c,v 1.4 2011/05/23 17:58:11 jasper Exp $
+
+From 2899c092f249a4fa822a896baf128b6c8c75b634 Mon Sep 17 00:00:00 2001
+From: Jasper Lievisse Adriaanse <jasper@humppa.nl>
+Date: Mon, 23 May 2011 11:11:30 +0000
+Subject: Prevent a NULL pointer deref in mktime_from_string().
+
+It's possible to call mktime_from_string() with NULL arguments for day,
+month and year. This would in turn lead to calling atoi(NULL),
+which leads to a crash.
+So instead fill in any NULL values with the corresponding unit from Jan 1st 1970.
+
+--- src/fr-command-rpm.c.orig	Tue Apr 26 16:29:35 2011
+++ src/fr-command-rpm.c	Mon May 23 19:54:51 2011
+@@ -62,23 +62,32 @@ mktime_from_string (char *month,
+ 				tm.tm_mon = i;
+ 				break;
+ 			}
+-	}
+-	tm.tm_mday = atoi (mday);
+-	if (strchr (year, ':') != NULL) {
+-		char **fields = g_strsplit (year, ":", 2);
+-        	if (n_fields (fields) == 2) {
+-	        	time_t      now;
+-        		struct tm  *now_tm;
+	} else
+		tm.tm_mon = 0;
+ 
+-	  		tm.tm_hour = atoi (fields[0]);
+-	  		tm.tm_min = atoi (fields[1]);
+	if (mday != NULL) 
+		tm.tm_mday = atoi (mday);
+	else
+		tm.tm_mday = 1;
+ 
+-	  		now = time(NULL);
+-	  		now_tm = localtime (&now);
+-	  		tm.tm_year = now_tm->tm_year;
+-        	}
+	if (year != NULL) {
+		if (strchr (year, ':') != NULL) {
+			char **fields = g_strsplit (year, ":", 2);
+	        	if (n_fields (fields) == 2) {
+		        	time_t      now;
+	        		struct tm  *now_tm;
+
+		  		tm.tm_hour = atoi (fields[0]);
+		  		tm.tm_min = atoi (fields[1]);
+
+		  		now = time(NULL);
+		  		now_tm = localtime (&now);
+		  		tm.tm_year = now_tm->tm_year;
+	        	}
+		} else
+			tm.tm_year = atoi (year) - 1900;
+ 	} else
+-		tm.tm_year = atoi (year) - 1900;
+		tm.tm_year = 70;
+ 
+ 	return mktime (&tm);
+ }
+@@ -233,7 +242,7 @@ fr_command_rpm_get_capabilities (FrCommand  *comm,
 	FrCommandCap capabilities;
 
 	capabilities = FR_COMMAND_CAN_ARCHIVE_MANY_FILES;
@ -10,7 +68,7 @@ $OpenBSD: patch-src_fr-command-rpm_c,v 1.3 2010/04/22 11:45:14 jasper Exp $
 		capabilities |= FR_COMMAND_CAN_READ;
 
 	return capabilities;
-@@ -244,7 +244,7 @@ static const char *
+@@ -244,7 +253,7 @@ static const char *
 fr_command_rpm_get_packages (FrCommand  *comm,
 			     const char *mime_type)
 {