[Security-team] Fwd: [2/5] Ubuntu update for t1lib

Michael Shigorin mike at osdn.org.ua
Wed Sep 26 11:17:21 MSD 2007


	Hello.
Please grant me an NMU for t1lib in Sisyphus:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=439927
http://secunia.com/advisories/26241/
http://secunia.com/advisories/26901/

The build for M40 has been sent to /incoming/updates/4.0/;
the patch for 5.0.2 is attached.

----- Forwarded message from Michael <shigorin/gmail.com> -----

Date: Thu, 20 Sep 2007 09:53:11 -0700
From: Michael <shigorin/gmail.com>
To: yz/altlinux.org
Subject: [2/5] Ubuntu update for t1lib
Cc: Michael <shigorin/gmail.com>

Hi!

Can I help with the update? http://secunia.com/advisories/26241/

Sent to you by Michael via Google Reader: [2/5] Ubuntu update for t1lib
via Latest Secunia Security Advisories on 9/20/07 Ubuntu has issued an
update for t1lib. This fixes a vulnerability, which can be exploited by
malicious users to potentially compromise a vulnerable system.

[skip]
----- End forwarded message -----

-- 
 ---- WBR, Michael Shigorin <mike at altlinux.ru>
  ------ Linux.Kiev http://www.linux.kiev.ua/
----------- next part -----------
diff -Naur t1lib-5.0.2-orig/lib/t1lib/t1env.c t1lib-5.0.2/lib/t1lib/t1env.c
--- t1lib-5.0.2-orig/lib/t1lib/t1env.c	2002-11-28 03:53:11 +0200
+++ t1lib-5.0.2/lib/t1lib/t1env.c	2007-09-26 08:33:46 +0300
@@ -568,6 +568,12 @@
 #endif 
     strcat( pathbuf, DIRECTORY_SEP);
     /* And finally the filename: */
+    /* If current pathbuf + StrippedName + 1 byte for NULL is bigger than pathbuf
+       let's try next pathbuf */
+    if( strlen(pathbuf) + strlen(StrippedName) + 1 > sizeof(pathbuf) ) {
+	i++;
+    	continue;
+    }
     strcat( pathbuf, StrippedName);
     
     /* Check for existence of the path: */
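
Review bot: the new length check guards only the final strcat( pathbuf, StrippedName); the strcat( pathbuf, DIRECTORY_SEP) in the context line just above it still runs unchecked, so a search-path entry that already fills pathbuf can write past the end before this test is reached. Consider moving the test ahead of the separator append and including strlen(DIRECTORY_SEP) in the sum, so both appends are covered by one bound. The comparison against sizeof(pathbuf) is correct only if pathbuf is an array in this scope; its declaration is outside the hunk, so that is worth confirming, since sizeof on a pointer would make the check far too strict. Minor points: the comment should say NUL (the terminator) rather than NULL, the i++ and continue lines mix tabs and spaces against the surrounding four-space indent, and the entry is skipped silently, so an overlong path gives the caller no diagnostic.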

