libvc (003.dfsg.1-12) count-vcards-buffer-overflow.diff

Summary

 src/vc.c |   15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

    
download this patch

Patch contents

Fix buffer overflow problem, as reported in
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1356

 -- Rafael Laboissiere <rafael@debian.org>  Tue, 01 Jul 2008 17:10:33 +0200

Index: libvc-003.dfsg.1/src/vc.c
===================================================================
--- libvc-003.dfsg.1.orig/src/vc.c	2008-07-01 17:19:22.000000000 +0200
+++ libvc-003.dfsg.1/src/vc.c	2008-07-01 17:19:24.000000000 +0200
@@ -25,6 +25,7 @@
 #include "vc.h"
 #include <stdlib.h>
 #include <string.h>
+#define __USE_GNU
 #include <stdio.h>
 
 #define BUF_LEN 80
@@ -832,14 +833,16 @@
 int
 count_vcards (FILE * fp)
 {
-  char buf[256];
+  char* line = NULL;
+  size_t len = 0;
   int counter = 0;
 
-  while (EOF != fscanf (fp, "%s\n", buf))
-    {
-      if (0 == strcasecmp (buf, "BEGIN:VCARD"))
-        counter++;
-    }
+  while (getline (&line, &len, fp) != EOF)
+    if (0 == strncasecmp (line, "BEGIN:VCARD", 11))
+      counter++;
+
+  if (line)
+      free (line);
 
   return counter;
 }