[packages/ytnef] - new spec; with backported git patches for security issues, including CVE-2009-3887
qboosh
qboosh at pld-linux.org
Sun Dec 28 21:46:46 CET 2014
commit f147e1e2a18b17df5e4207aa2622b59a0e219a53
Author: Jakub Bogusz <qboosh at pld-linux.org>
Date: Sun Dec 28 21:47:45 2014 +0100
- new spec; with backported git patches for security issues, including CVE-2009-3887
ytnef-filenames.patch | 212 +++++++++++++++++++++++++++++++++++++++++++++++++
ytnef-snprintf.patch | 216 ++++++++++++++++++++++++++++++++++++++++++++++++++
ytnef-snprintf2.patch | 31 ++++++++
ytnef.spec | 61 ++++++++++++++
4 files changed, 520 insertions(+)
---
diff --git a/ytnef.spec b/ytnef.spec
new file mode 100644
index 0000000..b7e6d84
--- /dev/null
+++ b/ytnef.spec
@@ -0,0 +1,61 @@
+%include /usr/lib/rpm/macros.perl
+Summary: Yerase's TNEF Stream Reader
+Summary(pl.UTF-8): Czytnik strumieni TNET autorstwa Yerase
+Name: ytnef
+Version: 2.6
+Release: 1
+License: GPL v2+
+Group: Libraries
+# note: development continued on https://github.com/Yeraze/ytnef
+Source0: http://downloads.sourceforge.net/ytnef/%{name}-%{version}.tar.gz
+# Source0-md5: 572830ff0664a2abc3e7aea79040c338
+Patch0: %{name}-snprintf.patch
+Patch1: %{name}-filenames.patch
+Patch2: %{name}-snprintf2.patch
+URL: https://github.com/Yeraze/ytnef
+BuildRequires: libytnef-devel
+BuildRequires: rpm-perlprov
+BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
+
+%description
+Yerase's TNEF Stream Reader. Can take a TNEF Stream (winmail.dat)
+sent from Microsoft Outlook (or similar products) and extract the
+attachments, including construction of Contact Cards & Calendar
+entries.
+
+%description -l pl.UTF-8
+Czytnik strumieni TNET autorstwa Yerase - potrafi przyjąć strumień
+TNEF (winmail.dat) wysłany w programu Microsoft Outlook (lub
+podobnego) i wydobyć załączniki, w tym tworzenie kart kontaktowych
+oraz wpisów kalendarza.
+
+%prep
+%setup -q
+%patch0 -p2
+%patch1 -p2
+%patch2 -p2
+
+%build
+#{__libtoolize}
+#{__aclocal}
+#{__autoconf}
+#{__autoheader}
+#{__automake}
+%configure
+%{__make}
+
+%install
+rm -rf $RPM_BUILD_ROOT
+
+%{__make} install \
+ DESTDIR=$RPM_BUILD_ROOT
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%files
+%defattr(644,root,root,755)
+%doc ChangeLog README
+%attr(755,root,root) %{_bindir}/ytnef
+%attr(755,root,root) %{_bindir}/ytnefprint
+%attr(755,root,root) %{_bindir}/ytnefprocess.pl
diff --git a/ytnef-filenames.patch b/ytnef-filenames.patch
new file mode 100644
index 0000000..6706e98
--- /dev/null
+++ b/ytnef-filenames.patch
@@ -0,0 +1,212 @@
+From 752d83d05448d2a136b36372a097d3b5311fecc7 Mon Sep 17 00:00:00 2001
+From: Randall Hand <rhand at magicleap.com>
+Date: Fri, 1 Aug 2014 10:12:13 -0500
+Subject: [PATCH] Add extra filename sanity checking.
+
+Now filenames are checked per-character for alpha/num & .
+Where previously they were just excluded for a few bad chars.
+---
+ ytnef/src/ytnef/Makefile.am | 2 +-
+ ytnef/src/ytnef/main.c | 26 ++++++++------------------
+ ytnef/src/ytnef/settings.h | 2 ++
+ ytnef/src/ytnef/vcard.c | 33 ++++++++++-----------------------
+ ytnef/src/ytnef/vtask.c | 13 ++++++-------
+ 5 files changed, 27 insertions(+), 49 deletions(-)
+
+#diff --git a/ytnef/src/ytnef/Makefile.am b/ytnef/src/ytnef/Makefile.am
+#index 4c9ffbd..2e1ca76 100644
+#--- a/ytnef/src/ytnef/Makefile.am
+#+++ b/ytnef/src/ytnef/Makefile.am
+#@@ -4,4 +4,4 @@ bin_SCRIPTS = ytnefprocess.pl
+# ytnef_SOURCES = main.c
+# ytnef_LDADD = -lytnef
+#
+#-EXTRA_DIST = vcal.c vcard.c vtask.c utility.c ytnefprocess.pl
+#+EXTRA_DIST = vcal.c vcard.c vtask.c utility.c settings.c ytnefprocess.pl
+diff --git a/ytnef/src/ytnef/main.c b/ytnef/src/ytnef/main.c
+index 51fc2d3..564de66 100644
+--- a/ytnef/src/ytnef/main.c
++++ b/ytnef/src/ytnef/main.c
+@@ -158,14 +158,13 @@ void ProcessTNEF(TNEFStruct TNEF) {
+ int size;
+ variableLength buf;
+ if ((buf.data = DecompressRTF(filename, &(buf.size))) != NULL) {
+- if (filepath == NULL) {
+ snprintf(ifilename, MAX_FILENAME_SIZE, "%s.rtf", TNEF.subject.data);
+- } else {
+- snprintf(ifilename, MAX_FILENAME_SIZE, "%s/%s.rtf", filepath, TNEF.subject.data);
+- }
+- for(i=0; i<strlen(ifilename); i++)
+- if (ifilename[i] == ' ')
+- ifilename[i] = '_';
++ SanitizeFilename(ifilename);
++ if (filepath != NULL) {
++ char tmp[MAX_FILENAME_SIZE];
++ memcpy(tmp, ifilename, MAX_FILENAME_SIZE);
++ snprintf(ifilename, MAX_FILENAME_SIZE, "%s/%s", filepath, tmp);
++ }
+
+ printf("%s\n", ifilename);
+ if ((fptr = fopen(ifilename, "wb"))==NULL) {
+@@ -259,14 +258,13 @@ void ProcessTNEF(TNEFStruct TNEF) {
+ filename->data = (char*)malloc(20);
+ snprintf(filename->data, 19, "file_%03i.dat", count);
+ }
+- if (filepath == NULL) {
+ snprintf(ifilename, MAX_FILENAME_SIZE, "%s", filename->data);
+- } else {
+- snprintf(ifilename, MAX_FILENAME_SIZE, "%s/%s", filepath, filename->data);
+- }
+- for(i=0; i<strlen(ifilename); i++)
+- if (ifilename[i] == ' ')
+- ifilename[i] = '_';
++ SanitizeFilename(ifilename);
++ if (filepath != NULL) {
++ char tmp[MAX_FILENAME_SIZE];
++ memcpy(tmp, ifilename, MAX_FILENAME_SIZE);
++ snprintf(ifilename, MAX_FILENAME_SIZE, "%s/%s", filepath, tmp);
++ }
+ printf("%s\n", ifilename);
+ if (savefiles == 1) {
+ if ((fptr = fopen(ifilename, "wb"))==NULL) {
+@@ -297,6 +295,6 @@ void ProcessTNEF(TNEFStruct TNEF) {
+ #include "vcal.c"
+ #include "vcard.c"
+ #include "vtask.c"
+-
++#include "settings.c"
+
+
+diff --git a/ytnef/src/ytnef/settings.h b/ytnef/src/ytnef/settings.h
+index 993e9cf..3ad4412 100644
+--- a/ytnef/src/ytnef/settings.h
++++ b/ytnef/src/ytnef/settings.h
+@@ -24,4 +24,6 @@
+
+ #define MAX_FILENAME_SIZE 1024
+
++void SanitizeFilename(char *filename);
++
+ #endif // YTNEF_SRC_YTNEF_SETTINGS_H_
+diff --git a/ytnef/src/ytnef/vcard.c b/ytnef/src/ytnef/vcard.c
+index 2bfa17b..177e2fd 100644
+--- a/ytnef/src/ytnef/vcard.c
++++ b/ytnef/src/ytnef/vcard.c
+@@ -10,35 +10,22 @@ void SaveVCard(TNEFStruct TNEF) {
+ if ((vl = MAPIFindProperty(&(TNEF.MapiProperties), PROP_TAG(PT_STRING8, PR_DISPLAY_NAME))) == MAPI_UNDEFINED) {
+ if ((vl=MAPIFindProperty(&(TNEF.MapiProperties), PROP_TAG(PT_STRING8, PR_COMPANY_NAME))) == MAPI_UNDEFINED) {
+ if (TNEF.subject.size > 0) {
+- if (filepath == NULL) {
+ snprintf(ifilename, MAX_FILENAME_SIZE, "%s.vcard", TNEF.subject.data);
+- } else {
+- snprintf(ifilename, MAX_FILENAME_SIZE, "%s/%s.vcard", filepath, TNEF.subject.data);
+- }
+ } else {
+- if (filepath == NULL) {
+ snprintf(ifilename, MAX_FILENAME_SIZE, "unknown.vcard");
+- } else {
+- snprintf(ifilename, MAX_FILENAME_SIZE, "%s/unknown.vcard", filepath);
+- }
+ }
+ } else {
+- if (filepath == NULL) {
+ snprintf(ifilename, MAX_FILENAME_SIZE, "%s.vcard", vl->data);
+- } else {
+- snprintf(ifilename, MAX_FILENAME_SIZE, "%s/%s.vcard", filepath, vl->data);
+- }
+ }
+ } else {
+- if (filepath == NULL) {
+ snprintf(ifilename, MAX_FILENAME_SIZE, "%s.vcard", vl->data);
+- } else {
+- snprintf(ifilename, MAX_FILENAME_SIZE, "%s/%s.vcard", filepath, vl->data);
+- }
+ }
+- for(i=0; i<strlen(ifilename); i++)
+- if (ifilename[i] == ' ')
+- ifilename[i] = '_';
++ SanitizeFilename(ifilename);
++ if (filepath) {
++ char temp[MAX_FILENAME_SIZE];
++ memcpy(temp, ifilename, MAX_FILENAME_SIZE);
++ snprintf(ifilename, MAX_FILENAME_SIZE, "%s/%s", filepath, temp);
++ }
+ printf("%s\n", ifilename);
+
+ if (savefiles == 0) return;
+diff --git a/ytnef/src/ytnef/vtask.c b/ytnef/src/ytnef/vtask.c
+index 7624419..257528c 100644
+--- a/ytnef/src/ytnef/vtask.c
++++ b/ytnef/src/ytnef/vtask.c
+@@ -20,14 +20,13 @@ void SaveVTask(TNEFStruct TNEF) {
+ while (vl->data[index] == ' ')
+ vl->data[index--] = 0;
+
+- if (filepath == NULL) {
+ snprintf(ifilename, MAX_FILENAME_SIZE, "%s.vcf", vl->data);
+- } else {
+- snprintf(ifilename, MAX_FILENAME_SIZE, "%s/%s.vcf", filepath, vl->data);
++ SanitizeFilename(ifilename);
++ if (filepath) {
++ char temp[MAX_FILENAME_SIZE];
++ memcpy(temp, ifilename, MAX_FILENAME_SIZE);
++ snprintf(ifilename, MAX_FILENAME_SIZE, "%s/%s", filepath, temp);
+ }
+- for(i=0; i<strlen(ifilename); i++)
+- if (ifilename[i] == ' ')
+- ifilename[i] = '_';
+ printf("%s\n", ifilename);
+
+ if (savefiles == 0) return;
+From 863467fed1dd9321f6461d6c2abcf6c67fe0a691 Mon Sep 17 00:00:00 2001
+From: Randall Hand <rhand at magicleap.com>
+Date: Fri, 1 Aug 2014 10:16:08 -0500
+Subject: [PATCH] Initial checkin of settings.c
+
+---
+ ytnef/src/ytnef/settings.c | 36 ++++++++++++++++++++++++++++++++++++
+ 1 file changed, 36 insertions(+)
+ create mode 100644 ytnef/src/ytnef/settings.c
+
+diff --git a/ytnef/src/ytnef/settings.c b/ytnef/src/ytnef/settings.c
+new file mode 100644
+index 0000000..a57e6c3
+--- /dev/null
++++ b/ytnef/src/ytnef/settings.c
+@@ -0,0 +1,36 @@
++/*
++* Yerase's TNEF Stream Reader
++* Copyright (C) 2003 Randall E. Hand
++*
++* This program is free software; you can redistribute it and/or modify
++* it under the terms of the GNU General Public License as published by
++* the Free Software Foundation; either version 2 of the License, or
++* (at your option) any later version.
++*
++* This program is distributed in the hope that it will be useful,
++* but WITHOUT ANY WARRANTY; without even the implied warranty of
++* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++* GNU General Public License for more details.
++*
++* You should have received a copy of the GNU General Public License
++* along with this program; if not, write to the Free Software
++* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
++*
++* You can contact me at randall.hand at gmail.com for questions or assistance
++*/
++
++#include "settings.h"
++
++
++// Replace every character in a filename (in place)
++// that is not a valid AlphaNumeric (a-z, A-Z, 0-9) or a period
++// with an underscore.
++void SanitizeFilename(char *filename) {
++ int i;
++ for (i = 0; i < strlen(filename); ++i) {
++ if (! (isalnum(filename[i]) || (filename[i] == '.'))) {
++ filename[i] = '_';
++ }
++ }
++}
++
diff --git a/ytnef-snprintf.patch b/ytnef-snprintf.patch
new file mode 100644
index 0000000..7266e60
--- /dev/null
+++ b/ytnef-snprintf.patch
@@ -0,0 +1,216 @@
+From eddd89c34f372e6708db768195140896e0c7522e Mon Sep 17 00:00:00 2001
+From: Randall Hand <rhand at magicleap.com>
+Date: Fri, 1 Aug 2014 08:57:40 -0500
+Subject: [PATCH] Switched 'sprintf' for 'snprintf'
+
+Hopefully this eliminates the potential buffer overflow on
+filenames.
+---
+ ytnef/configure.ac | 2 +-
+ ytnef/src/ytnef/main.c | 15 ++++++++-------
+ ytnef/src/ytnef/settings.h | 27 +++++++++++++++++++++++++++
+ ytnef/src/ytnef/utility.c | 1 +
+ ytnef/src/ytnef/vcal.c | 7 ++++---
+ ytnef/src/ytnef/vcard.c | 19 ++++++++++---------
+ ytnef/src/ytnef/vtask.c | 7 ++++---
+ 7 files changed, 55 insertions(+), 23 deletions(-)
+ create mode 100644 ytnef/src/ytnef/settings.h
+
+diff --git a/ytnef/src/ytnef/main.c b/ytnef/src/ytnef/main.c
+index a667135..7cd6f60 100644
+--- a/ytnef/src/ytnef/main.c
++++ b/ytnef/src/ytnef/main.c
+@@ -3,6 +3,7 @@
+ #include <string.h>
+ #include <ytnef.h>
+ #include "config.h"
++#include "settings.h"
+
+ #define PRODID "PRODID:-//The Gauntlet//" PACKAGE_STRING "//EN\n"
+
+@@ -117,7 +118,7 @@ void ProcessTNEF(TNEFStruct TNEF) {
+ Attachment *p;
+ int RealAttachment;
+ int object;
+- char ifilename[256];
++ char ifilename[MAX_FILENAME_SIZE+1];
+ int i, count;
+ int foundCal=0;
+
+@@ -158,9 +159,9 @@ void ProcessTNEF(TNEFStruct TNEF) {
+ variableLength buf;
+ if ((buf.data = DecompressRTF(filename, &(buf.size))) != NULL) {
+ if (filepath == NULL) {
+- sprintf(ifilename, "%s.rtf", TNEF.subject.data);
++ snprintf(ifilename, MAX_FILENAME_SIZE, "%s.rtf", TNEF.subject.data);
+ } else {
+- sprintf(ifilename, "%s/%s.rtf", filepath, TNEF.subject.data);
++ snprintf(ifilename, MAX_FILENAME_SIZE, "%s/%s.rtf", filepath, TNEF.subject.data);
+ }
+ for(i=0; i<strlen(ifilename); i++)
+ if (ifilename[i] == ' ')
+@@ -256,12 +257,12 @@ void ProcessTNEF(TNEFStruct TNEF) {
+ filename = (variableLength*)malloc(sizeof(variableLength));
+ filename->size = 20;
+ filename->data = (char*)malloc(20);
+- sprintf(filename->data, "file_%03i.dat", count);
++ snprintf(filename->data, 19, "file_%03i.dat", count);
+ }
+ if (filepath == NULL) {
+- sprintf(ifilename, "%s", filename->data);
++ snprintf(ifilename, MAX_FILENAME_SIZE, "%s", filename->data);
+ } else {
+- sprintf(ifilename, "%s/%s", filepath, filename->data);
++ snprintf(ifilename, MAX_FILENAME_SIZE, "%s/%s", filepath, filename->data);
+ }
+ for(i=0; i<strlen(ifilename); i++)
+ if (ifilename[i] == ' ')
+diff --git a/ytnef/src/ytnef/settings.h b/ytnef/src/ytnef/settings.h
+new file mode 100644
+index 0000000..993e9cf
+--- /dev/null
++++ b/ytnef/src/ytnef/settings.h
+@@ -0,0 +1,27 @@
++/*
++* Yerase's TNEF Stream Reader
++* Copyright (C) 2003 Randall E. Hand
++*
++* This program is free software; you can redistribute it and/or modify
++* it under the terms of the GNU General Public License as published by
++* the Free Software Foundation; either version 2 of the License, or
++* (at your option) any later version.
++*
++* This program is distributed in the hope that it will be useful,
++* but WITHOUT ANY WARRANTY; without even the implied warranty of
++* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++* GNU General Public License for more details.
++*
++* You should have received a copy of the GNU General Public License
++* along with this program; if not, write to the Free Software
++* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
++*
++* You can contact me at randall.hand at gmail.com for questions or assistance
++*/
++
++#ifndef YTNEF_SRC_YTNEF_SETTINGS_H_
++#define YTNEF_SRC_YTNEF_SETTINGS_H_
++
++#define MAX_FILENAME_SIZE 1024
++
++#endif // YTNEF_SRC_YTNEF_SETTINGS_H_
+diff --git a/ytnef/src/ytnef/utility.c b/ytnef/src/ytnef/utility.c
+index 6053bca..3bc68a7 100644
+--- a/ytnef/src/ytnef/utility.c
++++ b/ytnef/src/ytnef/utility.c
+@@ -1,3 +1,4 @@
++#include "settings.h"
+ void fprintProperty(TNEFStruct TNEF, FILE *FPTR, DWORD PROPTYPE, DWORD PROPID, char TEXT[]) {
+ variableLength *vl;
+ if ((vl=MAPIFindProperty(&(TNEF.MapiProperties), PROP_TAG(PROPTYPE, PROPID))) != MAPI_UNDEFINED) {
+diff --git a/ytnef/src/ytnef/vcal.c b/ytnef/src/ytnef/vcal.c
+index 54469b0..4435544 100644
+--- a/ytnef/src/ytnef/vcal.c
++++ b/ytnef/src/ytnef/vcal.c
+@@ -1,3 +1,4 @@
++#include "settings.h"
+ unsigned char GetRruleCount(unsigned char a, unsigned char b) {
+ return ((a << 8) | b);
+ }
+@@ -180,7 +181,7 @@ void PrintRrule(FILE *fptr, char *recur_
+ }
+
+ void SaveVCalendar(TNEFStruct TNEF) {
+- char ifilename[256];
++ char ifilename[MAX_FILENAME_SIZE];
+ variableLength *filename;
+ char *charptr, *charptr2;
+ FILE *fptr;
+@@ -190,9 +191,9 @@ void SaveVCalendar(TNEFStruct TNEF) {
+ dtr thedate;
+
+ if (filepath == NULL) {
+- sprintf(ifilename, "calendar.vcf");
++ snprintf(ifilename, MAX_FILENAME_SIZE, "calendar.vcf");
+ } else {
+- sprintf(ifilename, "%s/calendar.vcf", filepath);
++ snprintf(ifilename, MAX_FILENAME_SIZE, "%s/calendar.vcf", filepath);
+ }
+ printf("%s\n", ifilename);
+ if (savefiles == 0)
+diff --git a/ytnef/src/ytnef/vcard.c b/ytnef/src/ytnef/vcard.c
+index 6e6e41a..2bfa17b 100644
+--- a/ytnef/src/ytnef/vcard.c
++++ b/ytnef/src/ytnef/vcard.c
+@@ -1,5 +1,6 @@
++#include "settings.h"
+ void SaveVCard(TNEFStruct TNEF) {
+- char ifilename[512];
++ char ifilename[MAX_FILENAME_SIZE];
+ FILE *fptr;
+ variableLength *vl;
+ variableLength *pobox, *street, *city, *state, *zip, *country;
+@@ -10,29 +11,29 @@ void SaveVCard(TNEFStruct TNEF) {
+ if ((vl=MAPIFindProperty(&(TNEF.MapiProperties), PROP_TAG(PT_STRING8, PR_COMPANY_NAME))) == MAPI_UNDEFINED) {
+ if (TNEF.subject.size > 0) {
+ if (filepath == NULL) {
+- sprintf(ifilename, "%s.vcard", TNEF.subject.data);
++ snprintf(ifilename, MAX_FILENAME_SIZE, "%s.vcard", TNEF.subject.data);
+ } else {
+- sprintf(ifilename, "%s/%s.vcard", filepath, TNEF.subject.data);
++ snprintf(ifilename, MAX_FILENAME_SIZE, "%s/%s.vcard", filepath, TNEF.subject.data);
+ }
+ } else {
+ if (filepath == NULL) {
+- sprintf(ifilename, "unknown.vcard");
++ snprintf(ifilename, MAX_FILENAME_SIZE, "unknown.vcard");
+ } else {
+- sprintf(ifilename, "%s/unknown.vcard", filepath);
++ snprintf(ifilename, MAX_FILENAME_SIZE, "%s/unknown.vcard", filepath);
+ }
+ }
+ } else {
+ if (filepath == NULL) {
+- sprintf(ifilename, "%s.vcard", vl->data);
++ snprintf(ifilename, MAX_FILENAME_SIZE, "%s.vcard", vl->data);
+ } else {
+- sprintf(ifilename, "%s/%s.vcard", filepath, vl->data);
++ snprintf(ifilename, MAX_FILENAME_SIZE, "%s/%s.vcard", filepath, vl->data);
+ }
+ }
+ } else {
+ if (filepath == NULL) {
+- sprintf(ifilename, "%s.vcard", vl->data);
++ snprintf(ifilename, MAX_FILENAME_SIZE, "%s.vcard", vl->data);
+ } else {
+- sprintf(ifilename, "%s/%s.vcard", filepath, vl->data);
++ snprintf(ifilename, MAX_FILENAME_SIZE, "%s/%s.vcard", filepath, vl->data);
+ }
+ }
+ for(i=0; i<strlen(ifilename); i++)
+diff --git a/ytnef/src/ytnef/vtask.c b/ytnef/src/ytnef/vtask.c
+index aba346d..ee6580f 100644
+--- a/ytnef/src/ytnef/vtask.c
++++ b/ytnef/src/ytnef/vtask.c
+@@ -1,8 +1,9 @@
++#include "settings.h"
+ void SaveVTask(TNEFStruct TNEF) {
+ variableLength *vl;
+ variableLength *filename;
+ int index,i;
+- char ifilename[256];
++ char ifilename[MAX_FILENAME_SIZE];
+ char *charptr, *charptr2;
+ dtr thedate;
+ FILE *fptr;
+@@ -20,9 +21,9 @@ void SaveVTask(TNEFStruct TNEF) {
+ vl->data[index--] = 0;
+
+ if (filepath == NULL) {
+- sprintf(ifilename, "%s.vcf", vl->data);
++ snprintf(ifilename, MAX_FILENAME_SIZE, "%s.vcf", vl->data);
+ } else {
+- sprintf(ifilename, "%s/%s.vcf", filepath, vl->data);
++ snprintf(ifilename, MAX_FILENAME_SIZE, "%s/%s.vcf", filepath, vl->data);
+ }
+ for(i=0; i<strlen(ifilename); i++)
+ if (ifilename[i] == ' ')
diff --git a/ytnef-snprintf2.patch b/ytnef-snprintf2.patch
new file mode 100644
index 0000000..1dc6a81
--- /dev/null
+++ b/ytnef-snprintf2.patch
@@ -0,0 +1,31 @@
+From 521f40679b492c3b01d09fba62de2263e39c3e62 Mon Sep 17 00:00:00 2001
+From: Randall Hand <rhand at magicleap.com>
+Date: Mon, 4 Aug 2014 11:37:37 -0500
+Subject: [PATCH] Removed final sprintf.
+
+---
+ ytnef/src/ytnefprint/main.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/ytnef/src/ytnefprint/main.c b/ytnef/src/ytnefprint/main.c
+index 2afcf62..7e086da 100644
+--- a/ytnef/src/ytnefprint/main.c
++++ b/ytnef/src/ytnefprint/main.c
+@@ -71,7 +71,7 @@ void PrintTNEF(TNEFStruct TNEF) {
+ int j, object;
+ int count;
+ FILE *fptr;
+- char ifilename[256];
++ char ifilename[1024];
+ char *charptr, *charptr2;
+ DDWORD ddword_tmp;
+ int SaveFile;
+@@ -225,7 +225,7 @@ void PrintTNEF(TNEFStruct TNEF) {
+ object = 0;
+ }
+ }
+- sprintf(ifilename, "%s", filename->data);
++ snprintf(ifilename, 1024, "%s", filename->data);
+ for(i=0; i<strlen(ifilename); i++)
+ if (ifilename[i] == ' ')
+ ifilename[i] = '_';
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/ytnef.git/commitdiff/f147e1e2a18b17df5e4207aa2622b59a0e219a53
More information about the pld-cvs-commit
mailing list