[packages/texlive.git] / texlive-source-CVE-2007-0650.patch

--- texk/makeindexk/mkind.c
+++ texk/makeindexk/mkind.c	2007-02-06 13:43:26.000000000 +0100
@@ -179,7 +179,9 @@ char   *argv[];
 		    argc--;
 		    if (argc <= 0)
 			FATAL("Expected -p <num>\n","");
-		    strcpy(pageno, *++argv);
+		    if (strlen(*++argv) >= sizeof(pageno))
+			FATAL("Page number too high\n","");
+		    strcpy(pageno, *argv);
 		    init_page = TRUE;
 		    if (STREQ(pageno, EVEN)) {
 			log_given = TRUE;
@@ -227,10 +229,10 @@ char   *argv[];
 
 	if (fn_no == 0 && !sty_given)
 	{
-		char tmp[STRING_MAX + 5];
+		char tmp[STRING_MAX];
 		
 		/* base set by last call to check_idx */
-		sprintf (tmp, "%s%s", base, INDEX_STY);
+		snprintf (tmp, sizeof(tmp), "%s%s", base, INDEX_STY);
 		if (0 == access(tmp, R_OK)) {
 			open_sty (tmp);
 			sty_given = TRUE;
@@ -407,7 +409,7 @@ int     open_fn;
 
 	    if ((idx_fn = (char *) malloc(STRING_MAX)) == NULL)
 		FATAL("Not enough core...abort.\n", "");
-	    sprintf(idx_fn, "%s%s", base, INDEX_IDX);
+	    snprintf(idx_fn, STRING_MAX, "%s%s", base, INDEX_IDX);
 	    if ((open_fn && 
 	 ((idx_fp = OPEN_IN(idx_fn)) == NULL)
 	) ||
@@ -434,7 +436,7 @@ int     log_given;
 
     /* index output file */
     if (!ind_given) {
-	sprintf(ind, "%s%s", base, INDEX_IND);
+	snprintf(ind, sizeof(ind), "%s%s", base, INDEX_IND);
 	ind_fn = ind;
     }
     if ((ind_fp = OPEN_OUT(ind_fn)) == NULL)
@@ -442,14 +444,14 @@ int     log_given;
 
     /* index transcript file */
     if (!ilg_given) {
-	sprintf(ilg, "%s%s", base, INDEX_ILG);
+	snprintf(ilg, sizeof(ilg), "%s%s", base, INDEX_ILG);
 	ilg_fn = ilg;
     }
     if ((ilg_fp = OPEN_OUT(ilg_fn)) == NULL)
 	FATAL("Can't create transcript file %s.\n", ilg_fn);
 
     if (log_given) {
-	sprintf(log_fn, "%s%s", base, INDEX_LOG);
+	snprintf(log_fn, sizeof(log_fn), "%s%s", base, INDEX_LOG);
 	if ((log_fp = OPEN_IN(log_fn)) == NULL) {
 	    FATAL("Source log file %s not found.\n", log_fn);
 	} else {
@@ -505,6 +507,9 @@ char   *fn;
   if ((found = kpse_find_file (fn, kpse_ist_format, 1)) == NULL) {
      FATAL("Index style file %s not found.\n", fn);
   } else {
+    if (strlen(found) >= sizeof(sty_fn)) {
+      FATAL("Style file %s too long.\n", found);
+    }
     strcpy(sty_fn,found);
     if ((sty_fp = OPEN_IN(sty_fn)) == NULL) {
       FATAL("Could not open style file %s.\n", sty_fn);
@@ -512,6 +517,9 @@ char   *fn;
   }
 #else
     if ((path = getenv(STYLE_PATH)) == NULL) {
+        if (strlen(fn) >= sizeof(sty_fn)) {
+          FATAL("Style file %s too long.\n", fn);
+        }
 	/* style input path not defined */
 	strcpy(sty_fn, fn);
 	sty_fp = OPEN_IN(sty_fn);
--- texk/makeindexk/mkind.h
+++ texk/makeindexk/mkind.h	2007-02-06 13:42:38.000000000 +0100
@@ -322,7 +322,7 @@ ensuing.
 #ifdef LINE_MAX		/* IBM RS/6000 AIX has this in <sys/limits.h> */
 #undef LINE_MAX
 #endif
-#define LINE_MAX      72	/* maximum output line length (longer */
+#define LINE_MAX      _POSIX2_LINE_MAX	/* maximum output line length (longer */
 				/* ones wrap if possible) */
 
 #define NUMBER_MAX    16	/* maximum digits in a Roman or Arabic */
@@ -337,7 +337,7 @@ ensuing.
 #define ROMAN_MAX     16	/* maximum length of Roman page number */
 				/* field */
 
-#define STRING_MAX    256	/* maximum length of host filename */
+#define STRING_MAX    _POSIX2_LINE_MAX	/* maximum length of host filename */
 
 /*====================================================================*/
Commit	Line	Data
768e5264 AM	1	--- texk/makeindexk/mkind.c
	2	+++ texk/makeindexk/mkind.c 2007-02-06 13:43:26.000000000 +0100
	3	@@ -179,7 +179,9 @@ char *argv[];
	4	argc--;
	5	if (argc <= 0)
	6	FATAL("Expected -p <num>\n","");
	7	- strcpy(pageno, *++argv);
	8	+ if (strlen(*++argv) >= sizeof(pageno))
	9	+ FATAL("Page number too high\n","");
	10	+ strcpy(pageno, *argv);
	11	init_page = TRUE;
	12	if (STREQ(pageno, EVEN)) {
	13	log_given = TRUE;
	14	@@ -227,10 +229,10 @@ char *argv[];
	15
	16	if (fn_no == 0 && !sty_given)
	17	{
	18	- char tmp[STRING_MAX + 5];
	19	+ char tmp[STRING_MAX];
	20
	21	/* base set by last call to check_idx */
	22	- sprintf (tmp, "%s%s", base, INDEX_STY);
	23	+ snprintf (tmp, sizeof(tmp), "%s%s", base, INDEX_STY);
	24	if (0 == access(tmp, R_OK)) {
	25	open_sty (tmp);
	26	sty_given = TRUE;
	27	@@ -407,7 +409,7 @@ int open_fn;
	28
	29	if ((idx_fn = (char *) malloc(STRING_MAX)) == NULL)
	30	FATAL("Not enough core...abort.\n", "");
	31	- sprintf(idx_fn, "%s%s", base, INDEX_IDX);
	32	+ snprintf(idx_fn, STRING_MAX, "%s%s", base, INDEX_IDX);
	33	if ((open_fn &&
	34	((idx_fp = OPEN_IN(idx_fn)) == NULL)
	35	) \|\|
	36	@@ -434,7 +436,7 @@ int log_given;
	37
	38	/* index output file */
	39	if (!ind_given) {
	40	- sprintf(ind, "%s%s", base, INDEX_IND);
	41	+ snprintf(ind, sizeof(ind), "%s%s", base, INDEX_IND);
	42	ind_fn = ind;
	43	}
	44	if ((ind_fp = OPEN_OUT(ind_fn)) == NULL)
	45	@@ -442,14 +444,14 @@ int log_given;
	46
	47	/* index transcript file */
	48	if (!ilg_given) {
	49	- sprintf(ilg, "%s%s", base, INDEX_ILG);
	50	+ snprintf(ilg, sizeof(ilg), "%s%s", base, INDEX_ILG);
	51	ilg_fn = ilg;
	52	}
	53	if ((ilg_fp = OPEN_OUT(ilg_fn)) == NULL)
	54	FATAL("Can't create transcript file %s.\n", ilg_fn);
	55
	56	if (log_given) {
	57	- sprintf(log_fn, "%s%s", base, INDEX_LOG);
	58	+ snprintf(log_fn, sizeof(log_fn), "%s%s", base, INDEX_LOG);
	59	if ((log_fp = OPEN_IN(log_fn)) == NULL) {
	60	FATAL("Source log file %s not found.\n", log_fn);
	61	} else {
	62	@@ -505,6 +507,9 @@ char *fn;
	63	if ((found = kpse_find_file (fn, kpse_ist_format, 1)) == NULL) {
	64	FATAL("Index style file %s not found.\n", fn);
65	} else {
66	+ if (strlen(found) >= sizeof(sty_fn)) {
67	+ FATAL("Style file %s too long.\n", found);
68	+ }
69	strcpy(sty_fn,found);
70	if ((sty_fp = OPEN_IN(sty_fn)) == NULL) {
71	FATAL("Could not open style file %s.\n", sty_fn);
72	@@ -512,6 +517,9 @@ char *fn;
73	}
74	#else
75	if ((path = getenv(STYLE_PATH)) == NULL) {
76	+ if (strlen(fn) >= sizeof(sty_fn)) {
77	+ FATAL("Style file %s too long.\n", fn);
78	+ }
79	/* style input path not defined */
80	strcpy(sty_fn, fn);
81	sty_fp = OPEN_IN(sty_fn);
82	--- texk/makeindexk/mkind.h
83	+++ texk/makeindexk/mkind.h 2007-02-06 13:42:38.000000000 +0100
84	@@ -322,7 +322,7 @@ ensuing.
85	#ifdef LINE_MAX /* IBM RS/6000 AIX has this in <sys/limits.h> */
86	#undef LINE_MAX
87	#endif
88	-#define LINE_MAX 72 /* maximum output line length (longer */
89	+#define LINE_MAX _POSIX2_LINE_MAX /* maximum output line length (longer */
90	/* ones wrap if possible) */
91
92	#define NUMBER_MAX 16 /* maximum digits in a Roman or Arabic */
93	@@ -337,7 +337,7 @@ ensuing.
94	#define ROMAN_MAX 16 /* maximum length of Roman page number */
95	/* field */
96
97	-#define STRING_MAX 256 /* maximum length of host filename */
98	+#define STRING_MAX _POSIX2_LINE_MAX /* maximum length of host filename */
99
100	/====================================================================/
101