
Contents of /updates/7/fortune-mod/current/SOURCES/fortune-mod--security-buffer-overflows-w-tests.patch



Revision 1573463 - (show annotations) (download)
Thu Apr 30 07:38:29 2020 UTC (3 years, 11 months ago) by shlomif
File size: 4279 byte(s)
[MGA#26567] restore patch and add tests
1 --- fortune-mod-2.6.2/tests/t/valgrind.t.ORIG 2020-04-30 10:32:03.737000691 +0300
2 +++ fortune-mod-2.6.2/tests/t/valgrind.t 2020-04-30 10:32:36.067685806 +0300
3 @@ -7,7 +7,7 @@
4 use Test::RunValgrind;
5
6 # plan skip_all => 'lib-recode has memory leaks';
7 -plan tests => 4;
8 +plan tests => 7;
9
10 my $obj = Test::RunValgrind->new({});
11
12 @@ -50,3 +50,37 @@
13 blurb => 'fortune -i -m valgrind test',
14 }
15 );
16 +
17 +# TEST*2
18 +foreach my $prog (qw/ strfile unstr /)
19 +{
20 + $obj->run(
21 + {
22 + log_fn => "./fortune--$prog-buffer-overflow.valgrind-log",
23 + prog => "./$prog",
24 + argv => [
25 + ( ( $prog eq "randstr" ) ? ("filler") : () ),
26 + scalar( "AAAAAAAAAAAAAAAA/" x 1000 )
27 + ],
28 + blurb => "$prog buffer overflow test",
29 + }
30 + );
31 +}
32 +
33 +# TEST
34 +foreach my $prog (qw/ unstr /)
35 +{
36 + $obj->run(
37 + {
38 + log_fn => "./fortune--$prog-buffer-overflow.valgrind-log",
39 + prog => "./$prog",
40 + argv => [
41 + scalar( "AAAAAAAAAAAAAAAA/" x 1000 ),
42 + scalar( "BBBBBBBBBBBBBBBB/" x 1000 ),
43 + scalar( "BBBBBBBBBBBBBBBB/" x 1000 ),
44 + scalar( "BBBBBBBBBBBBBBBB/" x 1000 ),
45 + ],
46 + blurb => "$prog buffer overflow two args test",
47 + }
48 + );
49 +}
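Review bot: The new regression tests never run `randstr`, although this patch hardens `util/randstr.c` in the same way: the first loop iterates over `qw/ strfile unstr /`, so the `$prog eq "randstr"` branch that supplies `"filler"` is dead code. If randstr was meant to be covered, the loop would read `foreach my $prog (qw/ strfile unstr randstr /)` with `# TEST*3` and the plan raised to 8. Separately, the second loop reuses `log_fn => "./fortune--$prog-buffer-overflow.valgrind-log"`, which for `unstr` is the path the first loop already used, so the earlier valgrind log is presumably overwritten; a distinct name such as `"./fortune--$prog-buffer-overflow-two-args.valgrind-log"` would keep both. The blurb says "two args" while four arguments are passed, which is worth a short comment.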
50 --- fortune-mod-2.6.2/util/randstr.c.ORIG 2016-04-05 16:53:59.000000000 +0300
51 +++ fortune-mod-2.6.2/util/randstr.c 2020-04-30 10:30:36.725852569 +0300
52 @@ -120,14 +120,18 @@
53 Infile = *av;
54 /* Hmm. Don't output anything if we can help it.
55 * fprintf(stderr, "Input file: %s\n",Infile); */
56 + if (strlen(Infile) > sizeof(Datafile)-10)
57 + {
58 + perror("input filename too long.");
59 + exit(1);
60 + }
61 if (!strrchr(Infile, '.'))
62 {
63 - strcpy(Datafile, Infile);
64 - strcat(Datafile, ".dat");
65 + snprintf(Datafile, sizeof(Datafile), "%s.dat", Infile);
66 }
67 else
68 {
69 - strcpy(Datafile, Infile);
70 + snprintf(Datafile, sizeof(Datafile), "%s", Infile);
71 extc = strrchr(Infile, '.');
72 *extc = '\0';
73 }
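Review bot: `perror("input filename too long.")` in the new length guard appends the message for the current `errno`, which no failed call has set at this point, so the user sees an unrelated or "Success" suffix after the text. `fprintf(stderr, "input filename too long.\n");` reports the rejection without that; the same `perror` call appears in both strfile.c hunks and in the unstr.c hunk. The guard also depends on `sizeof(Datafile)` being the size of an array; the declaration is outside this hunk, so that should be confirmed, because on a pointer `sizeof(Datafile)-10` would not bound the copy. The enclosing function starts and ends outside the hunk.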
74 --- fortune-mod-2.6.2/util/strfile.c.ORIG 2018-05-09 17:15:16.000000000 +0300
75 +++ fortune-mod-2.6.2/util/strfile.c 2020-04-30 10:30:36.725852569 +0300
76 @@ -209,7 +209,14 @@
77 {
78 Infile = *argv;
79 if (*++argv)
80 - (void) strcpy(Outfile, *argv);
81 + {
82 + if (strlen(*argv) > sizeof(Outfile)-10)
83 + {
84 + perror("input filename too long.");
85 + exit(1);
86 + }
87 + snprintf(Outfile, sizeof(Outfile), "%s", *argv);
88 + }
89 }
90 if (!Infile)
91 {
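Review bot: The guard added before `snprintf(Outfile, sizeof(Outfile), "%s", *argv)` checks the second command-line argument, which becomes the output path, yet it reports `"input filename too long."`. A message that names the output file, e.g. `"output filename too long."`, tells the user which argument was rejected. The second guard in the unstr.c hunk (on `*av`, before `Outfile` is written) has the same wording. The enclosing function starts and ends outside this hunk.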
92 @@ -218,8 +225,12 @@
93 }
94 if (*Outfile == '\0')
95 {
96 - strcpy(Outfile, Infile);
97 - strcat(Outfile, ".dat");
98 + if (strlen(Infile) > sizeof(Outfile)-10)
99 + {
100 + perror("input filename too long.");
101 + exit(1);
102 + }
103 + snprintf(Outfile, sizeof(Outfile), "%s.dat", Infile);
104 }
105 }
106
107 --- fortune-mod-2.6.2/util/unstr.c.ORIG 2018-05-09 17:15:16.000000000 +0300
108 +++ fortune-mod-2.6.2/util/unstr.c 2020-04-30 10:30:36.726852559 +0300
109 @@ -139,20 +139,29 @@
110 {
111 Infile = *av;
112 fprintf(stderr, "Input file: %s\n", Infile);
113 + if (strlen(Infile) > sizeof(Datafile)-10)
114 + {
115 + perror("input filename too long.");
116 + exit(1);
117 + }
118 if (!strrchr(Infile, '.'))
119 {
120 - strcpy(Datafile, Infile);
121 - strcat(Datafile, ".dat");
122 + snprintf(Datafile, sizeof(Datafile), "%s.dat", Infile);
123 }
124 else
125 {
126 - strcpy(Datafile, Infile);
127 + snprintf(Datafile, sizeof(Datafile), "%s", Infile);
128 extc = strrchr(Infile, '.');
129 *extc = '\0';
130 }
131 if (*++av)
132 {
133 - strcpy(Outfile, *av);
134 + if (strlen(*av) > sizeof(Outfile)-10)
135 + {
136 + perror("input filename too long.");
137 + exit(1);
138 + }
139 + snprintf(Outfile, sizeof(Outfile), "%s", *av);
140 fprintf(stderr, "Output file: %s\n", Outfile);
141 }
142 }
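Review bot: The `-10` in `strlen(Infile) > sizeof(Datafile)-10` is unexplained, here and in the other four guards this patch adds. It presumably reserves room for the `.dat` suffix and the terminating NUL with some slack, but the guard before `snprintf(Outfile, sizeof(Outfile), "%s", *av)` appends nothing, so the intent cannot be read from the code. A comment on the first guard such as `/* keep room for ".dat" and the NUL terminator */`, or a named constant shared by the guards, would make the bound reviewable. The block being patched opens and closes outside the hunk.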

Properties

Name Value
svn:eol-style native
