MFE: Security Fix (OpenPKG-SA-2006.042, OpenPKG-TT-E1#29)

openser/openser.patch

@@ -108,3 +108,35 @@ Index: rtpproxy/rtpp_util.h
  #define err(exitcode, format, args...) \
    errx(exitcode, format ": %s", ## args, strerror(errno))
  #define errx(exitcode, format, args...) \
+
+-----------------------------------------------------------------------------
+
+Security Fix (OpenPKG-SA-2006.042, OpenPKG-TT-E1#29)
+
+Index: modules/permissions/parse_config.c
+--- modules/permissions/parse_config.c.orig	2005-06-13 18:47:43 +0200
++++ modules/permissions/parse_config.c	2006-12-26 11:15:25 +0100
+@@ -111,8 +111,11 @@
+ 	except = strstr(str, " EXCEPT ");
+ 	if (except) {
+ 		/* exception found */
+-		strncpy(str2, str, except-str);
+-		str2[except-str] = '\0';
++		int l = except - str;
++		if (l > sizeof(str2) - 1)
++			l = sizeof(str2) - 1;
++		strncpy(str2, str, l);
++		str2[l] = '\0';
+ 		/* except+8 points to the exception */
+ 		if (parse_expression_list(except+8, e_exceptions)) {
+ 			/* error */
+@@ -121,7 +124,8 @@
+ 		}
+ 	} else {
+ 		/* no exception */
+-		strcpy(str2, str);
++		strncpy(str2, str, sizeof(str2)-1);
++		str2[sizeof(str2)-1] = '\0';
+ 		*e_exceptions = NULL;
+ 	}
+ 	

openser/openser.spec

@@ -37,7 +37,7 @@ Class:        PLUS
 Group:        VoIP
 License:      GPL
 Version:      %{V_openser}
-Release:      20070313
+Release:      20070413
 
 #   package options
 %option       with_fsl  yes