Opened 10 years ago

Closed 10 years ago

#20393 closed defect (fixed)

pstoedit 3.45 cmd line option -pagesize xx fails due to strcpy_s overflow

Reported by: jwb@… Owned by: macports-tickets@…
Priority: High Milestone:
Component: ports Version: 1.7.1
Keywords: Cc:
Port: pstoedit

Description

When invoking pstoedit with the -pagesize xx (e.g. a0) cmd line option, strcpy_s (in cppcomp.h around line 244) fails with buffer overflow in strcpy_s error. appears that test at line 238 (tobecopied < de_size) fails as tobecopied == de_size (=2 in -pagesize a1 for example). Option works if changed to <= , but not sure this is best way as line 242 then pokes a terminator just past this, which to me seems beyond the end of allocated space.

i.e. it looks as though IF line 242 is required, then de_size on invocation should be 1 greater than string length .. this probably has implications else where in the code.

Could someone please comment.. I'll fix it if there are no better offers - What is best to do please?

Attachments (1)

pstoedit-rrdtool.diff (498 bytes) - added by jwb@… 10 years ago.

Download all attachments as: .zip

Change History (5)

comment:1 Changed 10 years ago by jwb@…

further investigation suggests this mod is correct, as in the code, where this is invoked for a specific string, the mallocs have all got a +1 at the end ..

comment:2 Changed 10 years ago by mf2k (Frank Schima)

Can you attach a patch for the portfile?

Changed 10 years ago by jwb@…

Attachment: pstoedit-rrdtool.diff added

comment:3 Changed 10 years ago by jwb@…

relevant patch added.. thanks

comment:4 Changed 10 years ago by tobypeterson

Resolution: fixed
Status: newclosed

Not exactly what he meant... anyway, cleaned up, modified Portfile, committed r54204

Note: See TracTickets for help on using tickets.