From a6ef73359c0e0537ebf83795ebacbbfaee2c9c28 Mon Sep 17 00:00:00 2001 From: pancake Date: Fri, 19 Dec 2008 19:39:27 +0100 Subject: * Apply security patches from Erik Hovland - Thanks! --- config.mk | 5 ++++- logotool/compress.c | 1 + logotool/rgb2yuv.c | 2 ++ logotool/uncompress.c | 1 + src/dump.c | 8 ++++---- src/fiasco.c | 2 +- src/fpid.c | 7 ++++++- src/hash.c | 4 +++- src/qmode.c | 49 ++++++++++++++++++++++--------------------------- src/squeue/squeue.c | 7 ++++++- 10 files changed, 50 insertions(+), 36 deletions(-) diff --git a/config.mk b/config.mk index 851d9f3..cb82aaa 100644 --- a/config.mk +++ b/config.mk @@ -1,10 +1,13 @@ VERSION=0.4.0 PREFIX=/usr - # NetBSD stuff CFLAGS+=-I/usr/pkg/include -O2 LDFLAGS+=-L/usr/pkg/lib -Wl,-R/usr/pkg/lib HAVE_USB=1 HAVE_GUI=1 + +# For linking against this copy of libusb +#CFLAGS+=-I../libusb + diff --git a/logotool/compress.c b/logotool/compress.c index c65158c..cb32265 100644 --- a/logotool/compress.c +++ b/logotool/compress.c @@ -60,6 +60,7 @@ int compress_image(char *srcf, char *dstf, int w, int h) fdout = open( dstf, O_TRUNC | O_CREAT | O_WRONLY , 0660 ); if (fdout == -1) { printf("Cannot open file '%s' for writing\n", dstf); + fclose(fd); return 1; } diff --git a/logotool/rgb2yuv.c b/logotool/rgb2yuv.c index b3f2143..4c3a268 100644 --- a/logotool/rgb2yuv.c +++ b/logotool/rgb2yuv.c @@ -107,5 +107,7 @@ int rgb2yuv(char *from, char *to, int width, int height) for ( i = 0 ; i < height ; i+=2 ) for ( j = 0; j < width ; j +=2 ) write ( fout,&dstV[j+(i*width)], 1); + + free(dstV); free(dstU); free(dstY); free(src); return 1; } diff --git a/logotool/uncompress.c b/logotool/uncompress.c index 4d0599f..b3e19dd 100644 --- a/logotool/uncompress.c +++ b/logotool/uncompress.c @@ -119,5 +119,6 @@ int uncompress_image(char *srcf, char *dstf) //printf("logotool -w %d -h %d -v %s\n", width, height, dstf); printf("eval PATH=$PWD:$PATH logotool -w %d -h %d -m %s\n", width, height, dstf); + free(dst); free(src); return 0; } diff --git a/src/dump.c b/src/dump.c index e102ce9..3f15fce 100644 --- a/src/dump.c +++ b/src/dump.c @@ -69,17 +69,14 @@ __rf_extract_exit: * This function was covardly copied from nanddump.c @ mtd-utils-20060907 */ #define _GNU_SOURCE -#include #include #include #include #include -#include #include #include #include #include -#include //#include #include #ifndef loff_t @@ -171,6 +168,9 @@ int check_badblocks(char *mtddev) return 1; } + memset(&stat1, 0, sizeof(stat1)); + memset(&stat2, 0, sizeof(stat2)); + fprintf(stderr, "Block size %u, page size %u, OOB size %u\n", meminfo.erasesize, meminfo.writesize, meminfo.oobsize); fprintf(stderr, "Size %u, flags %u, type 0x%x\n", @@ -498,7 +498,7 @@ int dump_config() break; if (!memcmp(buf,"ConF", 4)) { loop: - read(fd, buf, 4); + ret = read(fd, buf, 4); if (ret == -1) break; printf("\n0x%08x : ConF %02x %02x %02x %02x : ", i, buf[0], buf[1], buf[2], buf[3]); diff --git a/src/fiasco.c b/src/fiasco.c index 3e9da9f..cb27b10 100644 --- a/src/fiasco.c +++ b/src/fiasco.c @@ -62,7 +62,7 @@ int openfiasco(char *name, char *piece_grep, int v) read(header.fd, buf, namelen); if (v) printf("Fiasco version: %2d\n", buf[3]); - strcpy(header.fwname, (char *)buf+6); + strncpy(header.fwname, (char *)buf+6, sizeof(header.fwname) - 1); if (v) for(i=6;i