File gypsy-CVE-2011-0524.patch of Package gypsy
From 03932804cd4b8e5a79c483fb05c82743f5ee93a2 Mon Sep 17 00:00:00 2001
From: Bastien Nocera <hadess@hadess.net>
Date: Wed, 12 Oct 2011 12:15:44 +0100
Subject: [PATCH] Prevent buffer overflows in NMEA parsing
By using snprintf() instead of sprintf.
https://bugs.freedesktop.org/show_bug.cgi?id=33431
---
 src/nmea-gen.c | 61 +++++++++++++++++++++++++++++++------------------------
 1 files changed, 31 insertions(+), 30 deletions(-)
diff --git a/src/nmea-gen.c b/src/nmea-gen.c
index a8c2483..c52f925 100644
--- a/src/nmea-gen.c
+++ b/src/nmea-gen.c
@@ -54,6 +54,7 @@
 #include "nmea-gen.h"
 #define NMEA_BUF_SIZE 256
+#define NMEASTC_BUF_SIZE 256
 #define NMEA_LATLON_SIZE 16
 #define NMEA_UTC_SIZE 16
@@ -121,7 +122,7 @@ void nmea_getutc(D800_Pvt_Data_Type *pvt, char *utctime, char *utcdate) {
 h = tmp / 3600;
 m = (tmp - h*3600) / 60;
 s = (tmp - h*3600 - m*60);
- sprintf(utctime, "%02d%02d%02d", h, m, s);
+ snprintf(utctime, NMEA_UTC_SIZE, "%02d%02d%02d", h, m, s);
 }
 if (utcdate) {
@@ -149,7 +150,7 @@ void nmea_getutc(D800_Pvt_Data_Type *pvt, char *utctime, char *utcdate) {
 year -= 2000;
- sprintf(utcdate, "%02d%02d%02d", day, month, year);
+ snprintf(utcdate, NMEA_UTC_SIZE, "%02d%02d%02d", day, month, year);
 }
 }
@@ -157,16 +158,16 @@ void nmea_fmtlat(double lat, char *latstr) {
 double latdeg, tmp;
 latdeg = rad2deg(fabs(lat));
 tmp = floor(latdeg);
- sprintf(latstr, "%02d%07.4f,%c", (int)tmp, (latdeg - tmp) * 60,
- (lat >= 0) ? 'N' : 'S');
+ snprintf(latstr, NMEA_LATLON_SIZE, "%02d%07.4f,%c", (int)tmp, (latdeg - tmp) * 60,
+ (lat >= 0) ? 'N' : 'S');
 }
 void nmea_fmtlon(double lon, char *lonstr) {
 double londeg, tmp;
 londeg = rad2deg(fabs(lon));
 tmp = floor(londeg);
- sprintf(lonstr, "%03d%07.4f,%c", (int)tmp, (londeg - tmp) * 60,
- (lon >= 0) ? 'E' : 'W');
+ snprintf(lonstr, NMEA_LATLON_SIZE, "%03d%07.4f,%c", (int)tmp, (londeg - tmp) * 60,
+ (lon >= 0) ? 'E' : 'W');
 }
 /*
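Review bot: `NMEASTC_BUF_SIZE` is defined privately in nmea-gen.c, yet later hunks use it to bound writes into `nmeastc`, a buffer that callers of the sentence generators pass in as a bare `char *`. Nothing on this page shows those callers declaring their buffers with this size, so the bound is an assumption rather than a known length. Moving the define into nmea-gen.h or adding a length parameter would let both sides agree; at minimum add a comment such as `/* nmeastc buffers passed to the nmea_gp*() generators must be at least NMEASTC_BUF_SIZE bytes */`. The same applies to `NMEA_UTC_SIZE` and `NMEA_LATLON_SIZE` as used in the nmea_getutc(), nmea_fmtlat() and nmea_fmtlon() hunks.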
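Review bot: The return value of `snprintf()` is discarded in nmea_getutc(), so a time that does not fit in `NMEA_UTC_SIZE` is cut short silently and still flows into the sentence. `h`, `m` and `s` appear to be derived from the `pvt` record, and three `%02d` fields are only six characters long when the values are in range. Capturing the result in an `int n` and adding `if (n < 0 || n >= NMEA_UTC_SIZE) utctime[0] = '\0';` would turn a bad reading into an empty field instead of a truncated one. Every other snprintf() call added by this patch has the same gap, including the `utcdate` write in the next hunk. nmea_getutc() starts and ends outside these hunks.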
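Review bot: `(int)tmp` in nmea_fmtlat() and nmea_fmtlon() converts the degree value without a range check, and bounding the output length does not cover that, because converting a NaN or out-of-range double to `int` is undefined behaviour. The call `nmea_fmtlon(pvt->lon, slon)` in a later hunk suggests these values come straight from the device record. A finiteness test before formatting, e.g. `if (!isfinite(lat)) { latstr[0] = '\0'; return; }`, would reject such readings before the cast. This assumes `<math.h>` is already included, which the use of `floor()` and `fabs()` implies but the page does not show.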
@@ -216,12 +217,12 @@ int nmea_gpgga(D800_Pvt_Data_Type *pvt, cpo_sat_data *sat, char *nmeastc) {
 }
 }
- sprintf(buf, "GPGGA,%s,%s,%s,%d,%02d,,%.1f,M,%.1f,M,,", utc, slat, slon, fix, nsat,
- pvt->msl_hght + pvt->alt, -pvt->msl_hght);
+ snprintf(buf, NMEA_BUF_SIZE, "GPGGA,%s,%s,%s,%d,%02d,,%.1f,M,%.1f,M,,", utc, slat, slon, fix, nsat,
+ pvt->msl_hght + pvt->alt, -pvt->msl_hght);
 cksum = nmea_cksum(buf);
- sprintf(nmeastc, "$%s*%02X\r\n", buf, cksum);
+ snprintf(nmeastc, NMEASTC_BUF_SIZE, "$%s*%02X\r\n", buf, cksum);
 return 0;
 }
@@ -268,13 +269,13 @@ int nmea_gprmc(D800_Pvt_Data_Type *pvt, char *nmeastc) {
 g_lastcourse = course; /* remember for later */
 }
- sprintf(buf, "GPRMC,%s,%c,%s,%s,%05.1f,%05.1f,%s,,", utctime,
- (pvt->fix >= 2 && pvt->fix <= 5) ? 'A' : 'V',
- slat, slon, speed, course, utcdate);
+ snprintf(buf, NMEA_BUF_SIZE, "GPRMC,%s,%c,%s,%s,%05.1f,%05.1f,%s,,", utctime,
+ (pvt->fix >= 2 && pvt->fix <= 5) ? 'A' : 'V',
+ slat, slon, speed, course, utcdate);
 cksum = nmea_cksum(buf);
- sprintf(nmeastc, "$%s*%02X\r\n", buf, cksum);
+ snprintf(nmeastc, NMEASTC_BUF_SIZE, "$%s*%02X\r\n", buf, cksum);
 return 0;
 }
@@ -298,12 +299,12 @@ int nmea_gpgll(D800_Pvt_Data_Type *pvt, char *nmeastc) {
 /* longitude */
 nmea_fmtlon(pvt->lon, slon);
- sprintf(buf, "GPGLL,%s,%s,%s,%c", slat, slon, utctime,
- (pvt->fix >= 2 && pvt->fix <= 5) ? 'A' : 'V');
+ snprintf(buf, NMEA_BUF_SIZE, "GPGLL,%s,%s,%s,%c", slat, slon, utctime,
+ (pvt->fix >= 2 && pvt->fix <= 5) ? 'A' : 'V');
 cksum = nmea_cksum(buf);
- sprintf(nmeastc, "$%s*%02X\r\n", buf, cksum);
+ snprintf(nmeastc, NMEASTC_BUF_SIZE, "$%s*%02X\r\n", buf, cksum);
 return 0;
 }
@@ -334,7 +335,7 @@ int nmea_gpgsa(D800_Pvt_Data_Type *pvt, cpo_sat_data *sat, char *nmeastc) {
 fprintf(stderr, "WARNING: unknown fix type %d\n", pvt->fix);
 }
- sprintf(buf, "GPGSA,A,%d", fix);
+ snprintf(buf, NMEA_BUF_SIZE, "GPGSA,A,%d", fix);
 if (sat != NULL) {
 for (i = 0; i < SAT_MAX_COUNT; i++) {
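Review bot: `NMEASTC_BUF_SIZE` equals `NMEA_BUF_SIZE`, but the framed sentence written by `"$%s*%02X\r\n"` is six characters longer than `buf`, so in nmea_gpgga() a payload near the 255-character limit loses its checksum and line terminator. The function still returns 0 in that case, and the caller cannot tell a cut sentence from a complete one. Either size the output with headroom, e.g. `#define NMEASTC_BUF_SIZE (NMEA_BUF_SIZE + 8)` if the callers' buffers can be enlarged to match, or return non-zero when `snprintf()` reports truncation. The same framing call appears in the nmea_gprmc(), nmea_gpgll(), nmea_gpgsa() and nmea_gpgsv() hunks.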
@@ -343,7 +344,7 @@ int nmea_gpgsa(D800_Pvt_Data_Type *pvt, cpo_sat_data *sat, char *nmeastc) {
 #ifdef DEBUG
 g_debug ("%s: using sat %2d", __FUNCTION__, sat[i].svid);
 #endif
- sprintf(buf+strlen(buf), ",%02d", sat[i].svid);
+ snprintf(buf+strlen(buf), NMEA_BUF_SIZE - strlen(buf), ",%02d", sat[i].svid);
 nsat++;
 }
 else
@@ -362,10 +363,10 @@ int nmea_gpgsa(D800_Pvt_Data_Type *pvt, cpo_sat_data *sat, char *nmeastc) {
 strcat(buf, ",,,,,,,,,,,,");
 }
- sprintf(buf+strlen(buf), ",,,"); // this should be DOP info
+ snprintf(buf+strlen(buf), NMEA_BUF_SIZE - strlen(buf),",,,"); // this should be DOP info
 cksum = nmea_cksum(buf);
- sprintf(nmeastc, "$%s*%02X\r\n", buf, cksum);
+ snprintf(nmeastc, NMEASTC_BUF_SIZE, "$%s*%02X\r\n", buf, cksum);
 return 0;
 }
@@ -386,9 +387,9 @@ int nmea_gpgsv(cpo_sat_data *sat, char *nmeastc) {
 int nsat, i, nout, msgi;
 if (sat == NULL) {
- sprintf(buf, "GPGSV,1,1,00");
+ snprintf(buf, NMEA_BUF_SIZE, "GPGSV,1,1,00");
 cksum = nmea_cksum(buf);
- sprintf(nmeastc, "$%s*%02X\r\n", buf, cksum);
+ snprintf(nmeastc, NMEASTC_BUF_SIZE, "$%s*%02X\r\n", buf, cksum);
 return 0;
 }
@@ -417,15 +418,15 @@ int nmea_gpgsv(cpo_sat_data *sat, char *nmeastc) {
 if (nsat == 0) {
 /* build a 'null' GPGSV string */
- sprintf(buf, "GPGSV,1,1,00");
+ snprintf(buf, NMEA_BUF_SIZE, "GPGSV,1,1,00");
 cksum = nmea_cksum(buf);
- sprintf(nmeastc, "$%s*%02X\r\n", buf, cksum);
+ snprintf(nmeastc, NMEASTC_BUF_SIZE, "$%s*%02X\r\n", buf, cksum);
 } else {
 /* scan the array again and build the GPGSV string(s) of active sats */
 nout = 0;
 msgi = 1;
 nmeastc[0] = 0;
- sprintf(buf, "GPGSV,%d,%d,%02d", (nsat-1)/4+1, msgi, nsat);
+ snprintf(buf, NMEA_BUF_SIZE, "GPGSV,%d,%d,%02d", (nsat-1)/4+1, msgi, nsat);
 for (i = 0; i < SAT_MAX_COUNT; i++) {
 if (((sat[i].status & SAT_STATUS_MASK) == SAT_STATUS_GOOD) && (sat[i].svid <= MAX_SAT_SVID)) {
 int snr;
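Review bot: The `strcat(buf, ...)` call kept as context at the top of the -362 hunk is still unbounded, while the appends around it now compute their limit as `NMEA_BUF_SIZE - strlen(buf)`. That subtraction is done in `size_t`, so it is only safe while every writer keeps `buf` terminated inside `NMEA_BUF_SIZE`; a longer string would make the result wrap to a very large limit. Converting the strcat() to the same bounded form, `snprintf(buf+strlen(buf), NMEA_BUF_SIZE - strlen(buf), "%s", pad);` with `pad` holding the existing comma string, keeps that invariant in one place and one style. The append pattern also appears in the -343 hunk and in nmea_gpgsv(). The declaration of `buf` is outside these hunks, so its size being `NMEA_BUF_SIZE` is assumed here.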
@@ -435,24 +436,24 @@ int nmea_gpgsv(cpo_sat_data *sat, char *nmeastc) {
 // else
 snr = sat[i].snr/100; /* empirically, this seems to be the correct factor */
- sprintf(buf+strlen(buf), ",%02d,%02d,%03d,%02d",
- sat[i].svid, sat[i].elev, sat[i].azmth, snr);
+ snprintf(buf+strlen(buf), NMEA_BUF_SIZE - strlen(buf), ",%02d,%02d,%03d,%02d",
+ sat[i].svid, sat[i].elev, sat[i].azmth, snr);
 nout++;
 /* if we have accumulated a group of 4 sats, write out the string */
 if (nout == 4) {
 cksum = nmea_cksum(buf);
- sprintf(nmeastc+strlen(nmeastc), "$%s*%02X\r\n", buf, cksum);
+ snprintf(nmeastc+strlen(nmeastc), NMEASTC_BUF_SIZE - strlen(nmeastc), "$%s*%02X\r\n", buf, cksum);
 msgi++;
 nout = 0;
- sprintf(buf, "GPGSV,%d,%d,%02d", (nsat-1)/4+1, msgi, nsat);
+ snprintf(buf, NMEA_BUF_SIZE, "GPGSV,%d,%d,%02d", (nsat-1)/4+1, msgi, nsat);
 }
 }
 }
 if (nout != 0) {
 cksum = nmea_cksum(buf);
- sprintf(nmeastc+strlen(nmeastc), "$%s*%02X\r\n", buf, cksum);
+ snprintf(nmeastc+strlen(nmeastc), NMEASTC_BUF_SIZE - strlen(nmeastc), "$%s*%02X\r\n", buf, cksum);
 }
 }
--
1.7.6.2
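Review bot: In nmea_gpgsv() several sentences are appended to `nmeastc`, each bounded by `NMEASTC_BUF_SIZE - strlen(nmeastc)`, and once the buffer is full the remaining appends write nothing while the loop keeps running. Whether 256 bytes holds every sentence depends on `SAT_MAX_COUNT`, which is not visible on this page; a four-satellite sentence is roughly 70 characters. The loop should stop and signal failure when `snprintf()` returns a value at or above the remaining space, rather than hand back a partly written sentence list. A comment at the append, such as `/* nmeastc must hold (SAT_MAX_COUNT+3)/4 GPGSV sentences */`, would document the sizing requirement.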