From 79c60afd4bac588e753e50b0cc5b930d52b15fcc Mon Sep 17 00:00:00 2001
From: Nikola Pajkovsky
Date: Wed, 12 Aug 2009 08:28:17 +0000
Subject: [PATCH] fix two buffer overflows
---
cdrkit-1.1.9-buffer_overflow.patch | 66 ++++++++++++++++++++++++++++++++++++++
cdrkit-1.1.9-root_option.patch | 14 ++++++++
cdrkit.spec | 19 ++++++++---
3 files changed, 94 insertions(+), 5 deletions(-)
create mode 100644 cdrkit-1.1.9-buffer_overflow.patch
create mode 100644 cdrkit-1.1.9-root_option.patch
diff --git a/cdrkit-1.1.9-buffer_overflow.patch b/cdrkit-1.1.9-buffer_overflow.patch
new file mode 100644
index 0000000..b93d8d2
--- /dev/null
+++ b/cdrkit-1.1.9-buffer_overflow.patch
@@ -0,0 +1,66 @@
+diff -ru origin-1.1.9/wodim/scsi_cdr.c master-1.1.9/wodim/scsi_cdr.c
+--- origin-1.1.9/wodim/scsi_cdr.c 2008-02-25 12:14:07.000000000 +0100
++++ master-1.1.9/wodim/scsi_cdr.c 2009-07-16 12:01:29.000000000 +0200
+@@ -2181,26 +2181,30 @@
+ if (inq->add_len == 0) {
+ if (usalp->dev == DEV_UNKNOWN && got_inquiry) {
+ usalp->dev = DEV_ACB5500;
+- strcpy(inq->vendor_info,
+- "ADAPTEC ACB-5500 FAKE");
++ strncpy(inq->vendor_info, "ADAPTEC ", 8);
++ strncpy(inq->prod_ident,"ACB-5500 ", 16);
++ strncpy(inq->prod_revision, "FAKE", 4);
+
+ } else switch (usalp->dev) {
+-
+ case DEV_ACB40X0:
+- strcpy(inq->vendor_info,
+- "ADAPTEC ACB-40X0 FAKE");
++ strncpy(inq->vendor_info, "ADAPTEC ", 8);
++ strncpy(inq->prod_ident, "ACB-40X0 ",16);
++ strncpy(inq->prod_revision, "FAKE", 4);
+ break;
+ case DEV_ACB4000:
+- strcpy(inq->vendor_info,
+- "ADAPTEC ACB-4000 FAKE");
++ strncpy(inq->vendor_info, "ADAPTEC ",8);
++ strncpy(inq->prod_ident, "ACB-4000 ",16);
++ strncpy(inq->prod_revision, "FAKE",4);
+ break;
+ case DEV_ACB4010:
+- strcpy(inq->vendor_info,
+- "ADAPTEC ACB-4010 FAKE");
++ strncpy(inq->vendor_info, "ADAPTEC ",8);
++ strncpy(inq->prod_ident, "ACB-4010 ",16);
++ strncpy(inq->prod_revision, "FAKE",4);
+ break;
+ case DEV_ACB4070:
+- strcpy(inq->vendor_info,
+- "ADAPTEC ACB-4070 FAKE");
++ strncpy(inq->vendor_info,"ADAPTEC ",8);
++ strncpy(inq->prod_ident, "ACB-4070 ", 16);
++ strncpy(inq->prod_revision, "FAKE",4 );
+ break;
+ }
+ } else if (inq->add_len < 31) {
+@@ -2230,14 +2234,16 @@
+
+ case INQ_SEQD:
+ if (usalp->dev == DEV_SC4000) {
+- strcpy(inq->vendor_info,
+- "SYSGEN SC4000 FAKE");
++ strncpy(inq->vendor_info,"SYSGEN ",8);
++ strncpy(inq->prod_ident, "SC4000 ",16);
++ strncpy(inq->prod_revision, "FAKE",4);
+ } else if (inq->add_len == 0 &&
+ inq->removable &&
+ inq->ansi_version == 1) {
+ usalp->dev = DEV_MT02;
+- strcpy(inq->vendor_info,
+- "EMULEX MT02 FAKE");
++ strncpy(inq->vendor_info,"EMULEX ",8);
++ strncpy(inq->prod_ident, "MT02 ",16);
++ strncpy(inq->prod_revision, "FAKE",4);
+ }
+ break;
+
diff --git a/cdrkit-1.1.9-root_option.patch b/cdrkit-1.1.9-root_option.patch
new file mode 100644
index 0000000..79752e4
--- /dev/null
+++ b/cdrkit-1.1.9-root_option.patch
@@ -0,0 +1,14 @@
+--- cdrkit-1.1.9/genisoimage/genisoimage.c 2009-08-11 13:45:42.491887853 +0200
++++ cdrkit-1.1.9-master/genisoimage/genisoimage.c 2009-08-11 15:10:23.382014864 +0200
+@@ -3117,8 +3117,10 @@ if (check_session == 0)
+ if (reloc_root != NULL) {
+ strcpy(graft_point, reloc_root);
+ len = strlen(graft_point);
+- if (graft_point[len] != '/')
++ if (graft_point[len] != '/'){
+ graft_point[len++] = '/';
++ graft_point[len] = '\0';
++ }
+ } else {
+ len = 0;
+ }
diff --git a/cdrkit.spec b/cdrkit.spec
index 1335174..0b04b66 100644
--- a/cdrkit.spec
+++ b/cdrkit.spec
@@ -1,7 +1,7 @@
 Summary: A collection of CD/DVD utilities
 Name: cdrkit
 Version: 1.1.9
-Release: 5%{?dist}
+Release: 6%{?dist}
 License: GPLv2
 Group: Applications/System
 URL: http://cdrkit.org/
@@ -10,6 +10,8 @@ Source: http://cdrkit.org/releases/cdrkit-%{version}.tar.gz Patch1: cdrkit-1.1.8-werror.patch Patch2: cdrkit-1.1.9-efi-boot.patch Patch3: cdrkit-1.1.9-types.patch +Patch4: cdrkit-1.1.9-buffer_overflow.patch +Patch5: cdrkit-1.1.9-root_option.patch BuildRequires: cmake libcap-devel zlib-devel perl file-devel bzip2-devel
@@ -70,13 +72,16 @@ Recording formats include stereo/mono, 8/12/16 bits and different rates. Icedax can also be used as a CD player. %prep -%setup -q +%setup -q %patch1 -p1 -b .werror %patch2 -p1 -b .efi %patch3 -p1 -b .getline +%patch4 -p1 -b .buffer_overflow +%patch5 -p1 -b .root_option + find . -type f -print0 | xargs -0 perl -pi -e 's#/usr/local/bin/perl#/usr/bin/perl#g' -find doc -type f -print0 | xargs -0 chmod a-x +find doc -type f -print0 | xargs -0 chmod a-x %build
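Review bot: In cdrkit-1.1.9-buffer_overflow.patch, the new strncpy() calls in wodim/scsi_cdr.c hard-code the counts 8, 16 and 4 in all seven branches of the two inner hunks, so nothing ties them to the real field sizes of the struct behind `inq`, which is not visible here. Assuming vendor_info, prod_ident and prod_revision are char arrays, `strncpy(inq->vendor_info, "ADAPTEC ", sizeof(inq->vendor_info));` (and the same for the other two fields) keeps the bound correct if the struct ever changes. A count equal to the field width also leaves each field without a terminating NUL, so I would add `/* fixed-width inquiry fields, not NUL-terminated */` above the first call to warn against reading them with `%s` or strlen(). The enclosing function starts and ends outside the hunk.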
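Review bot: In cdrkit-1.1.9-root_option.patch, the `strcpy(graft_point, reloc_root)` kept as context is still unbounded, and the added `graft_point[len] = '\0';` writes one byte further than before, so an over-long reloc_root (presumably the -root argument) can still run past graft_point; the copy needs a length check that leaves room for the slash and the terminator. The test `graft_point[len] != '/'` also reads the terminator that strlen() just located, so it is always true and a root that already ends in '/' gets a second one; `graft_point[len - 1]` with a guard for an empty string looks like what was meant. The sketch below assumes graft_point is a char array declared in scope; its declaration and the rest of the enclosing block are outside the hunk.

```c
if (reloc_root != NULL) {
	len = strlen(reloc_root);
	/* leave room for an appended '/' and the terminating NUL */
	if (len + 2 > sizeof(graft_point)) {
		/* … reject the over-long value through the file's usual error path … */
	}
	memcpy(graft_point, reloc_root, len + 1);
	if (len == 0 || graft_point[len - 1] != '/') {
		graft_point[len++] = '/';
		graft_point[len] = '\0';
	}
/* … unchanged: else branch setting len = 0 … */
```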
@@ -123,7 +128,7 @@ fi %{_mandir}/man1/wodim.1.gz \ --slave %{_bindir}/readcd cdrecord-readcd %{_bindir}/readom \ --slave %{_mandir}/man1/readcd.1.gz cdrecord-readcdman \ - %{_mandir}/man1/readom.1.gz + %{_mandir}/man1/readom.1.gz %preun -n wodim if [ $1 = 0 ]; then
@@ -155,7 +160,7 @@ fi %{_sbindir}/alternatives --install %{_bindir}/cdda2wav cdda2wav \ %{_bindir}/icedax 50 \ --slave %{_mandir}/man1/cdda2wav.1.gz cdda2wav-cdda2wavman \ - %{_mandir}/man1/icedax.1.gz + %{_mandir}/man1/icedax.1.gz %preun -n icedax if [ $1 = 0 ]; then
@@ -211,6 +216,10 @@ fi %{_mandir}/man1/readmult.* %changelog +* Wed Aug 12 2009 Nikola Pajkovsky 1.1.9-6 +- fix #508449. fix string overflow breakage when using the -root +- fix buffer overflow + * Thu Jul 16 2009 Nikola Pajkovsky 1.1.9-5 - icedax require vorbis-tools -- 2.11.4.GIT