From 60bdeb63cadfed109a609ac855c8f2b20a2f0d8f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Torbj=C3=B6rn=20Svensson?=
Date: Wed, 4 Nov 2020 22:52:51 +0100
Subject: [PATCH] Bug 568079: Fix potential buffer overflows
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Change-Id: I79898944575f895bfe4d99ce2aabaa88ea58d678
Signed-off-by: Torbjörn Svensson
---
 .../native_src/serial.c | 6 +++---
 .../os/linux/aarch64/libserial.so | Bin 13744 -> 13744 bytes
 .../os/linux/ppc64le/libserial.so | Bin 71072 -> 71072 bytes
 .../os/linux/x86_64/libserial.so | Bin 13224 -> 13224 bytes
 .../os/macosx/x86_64/libserial.jnilib | Bin 13756 -> 13756 bytes
 5 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/native/org.eclipse.cdt.native.serial/native_src/serial.c b/native/org.eclipse.cdt.native.serial/native_src/serial.c
index 53951cda19f..ec42c9bddc2 100644
--- a/native/org.eclipse.cdt.native.serial/native_src/serial.c
+++ b/native/org.eclipse.cdt.native.serial/native_src/serial.c
@@ -53,7 +53,7 @@ static void closeAndthrowIOException(HANDLE handle, JNIEnv *env, const char *msg
 #endif
 char buff[256];
 #ifndef __MINGW32__
- sprintf(buff, "%s: %s", msg, strerror(errno));
+ snprintf(buff, sizeof(buff), "%s: %s", msg, strerror(errno));
 close(fd);
 #else
 sprintf_s(buff, sizeof(buff), "%s (%d)", msg, GetLastError());
@@ -67,7 +67,7 @@ static void closeAndthrowIOException(HANDLE handle, JNIEnv *env, const char *msg
 static void throwIOException(JNIEnv *env, const char *msg) {
 char buff[256];
 #ifndef __MINGW32__
- sprintf(buff, "%s: %s", msg, strerror(errno));
+ snprintf(buff, sizeof(buff), "%s: %s", msg, strerror(errno));
 #else
 sprintf_s(buff, sizeof(buff), "%s (%d)", msg, GetLastError());
 #endif
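Review bot: The return value of `snprintf` is ignored in closeAndthrowIOException, so a long `msg` is now cut off silently, and the first thing lost is the `strerror(errno)` text that says why the call failed. The same line in throwIOException (hunk at -67) has the same gap, and open0 (hunk at -82) passes a `msg` that can itself fill 256 bytes. Bounding the caller's part keeps room for the reason, e.g. `snprintf(buff, sizeof(buff), "%.200s: %s", msg, strerror(errno));`, or `buff` can be made larger than any caller's buffer. Both function bodies continue outside their hunks.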
@@ -82,7 +82,7 @@ JNIEXPORT jlong JNICALL FUNC(open0)(JNIEnv *env, jobject jobj, jstring portName,
 int fd = open(cportName, O_RDWR | O_NOCTTY | O_NDELAY);
 if (fd < 0) {
 char msg[256];
- sprintf(msg, "Error opening %s", cportName);
+ snprintf(msg, sizeof(msg), "Error opening %s", cportName);
 (*env)->ReleaseStringUTFChars(env, portName, cportName);
 throwIOException(env, msg);
 return fd;
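Review bot: In open0, `ReleaseStringUTFChars` runs between the failed `open()` and `throwIOException()`, which reads `errno` through `strerror(errno)` (visible in the hunk at -67). Neither the JNI call nor `snprintf` is guaranteed to leave `errno` untouched, so the exception text may name the wrong error. Saving the value right after the `fd < 0` check with `int err = errno;` and restoring it with `errno = err;` just before `throwIOException(env, msg);` keeps the reported reason tied to the `open()` failure. The body of open0 starts before and continues after this hunk.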
diff --git a/native/org.eclipse.cdt.native.serial/os/linux/aarch64/libserial.so b/native/org.eclipse.cdt.native.serial/os/linux/aarch64/libserial.so index f5cc2058d06c16ce4ca39fe9912b43b3bfa26d68..cbad242128a3455254c6b43bb02e7ef9fad1a286 100755 GIT binary patch delta 1385 zcmZ8hZD?Cn7=GV-lhUk9Ka!i?WSAyxOw+NpX*0KUf_k&U(y~oVtx(*+)`4@jE8Pb; zP+0b3;s?mm7h0wa8oHts9m#HgEPr&xp(uz}{NcxswbOzFVOFRvFs<)7_l99k$n&1_ zywCfblY8!)!gyi)(x}TH06F}{6G_x&Hu@Ge&piKi`}SAw7uS6c{`&m-H?)LH=%y7_ zr>ru7C}y}$MMcM-1X82wr#})7T2eHep_H1&+fqFhwYZODg-_z9sF-&2;5}*Z94$L^ z+)ZPQFN=9^5dl0<2RECob7idnA9Iv^y+usaSaDcX1wwXJr_W+LtN@SGh9iy#7dADlV-8@h9f-Mnw$Fta=)s|;(UWqzN6wIhO^(jzO^+w z7dJ}Nbiu7*mS)^Tc$V(Eec|7TL0Z!e!oese9-$C|uZ;^<~8`A`~D? zL-j-0PYd~8W2n|`!dw%Rlo8X{`z(SNsQg=-k4>m@MSa^lE&E)+YyLw7w#Qcu{b)ru+{`JZZn z^8nfDQ2M5M4<{+re1sp(6~;a)H%BnSxp}OiW&IegnNk1yPWmC}ZxR;u_m z*J!z2$Im4GEHJRaKf(jsp}HmhmQ^ZUi0PCWRSKoj+%H*k?>qCu-0 z=(U3*oCZ|rHm^}NEVWbZY?(csg(cPOg_jT@7X)3f@~ delta 1378 zcmZuwZ)jUp6hG&^WNX@`X_}-j54WUg)~2(6lE&4{S=}q8#HnMZ6GZyK{V5w;huT>j zGN=(mndsQt(UnoA>Hfgn#z=V`7^YYiMEs(|3Y*AW-N0{ZVJN|N_1yPvJ{Y_qzjM#; z{O&o2ckd~V7Dtco^neb|n%SShU~%e)#fRU$_TWeNYv0@a_Rq@6XedInIE!oOx~frL zc>+P~@Gi|L8r~F04Qd#tZ2tr5SF?D_R@}0gOZGl!<2}KgaHa5f``DZ-jA`2C(r_Pr z;nI4F2+#<1aG}X*C@&kk%vSKldWRTU<=7qKlpc|%f+2@(cMLp2i>@RNGHRZurKXSi z-CBPtEG5!R$mqPxFfaMLl5f`>qK193UJ!Mu=ssp`S@j1}SIzd`wF*E3hno36X`bW; zRXE6;SjfLd85h12SKy#EQ}cDEiQJz>?nJgrY()+>&j52^xR>HzU z5t`{k?-0I9i{9kscUZu|(g@pMRk$bwD3YC($?A;qHj#vrRwdb8KZIGjT0h#lUI?;K zDrAjP6kzOt0?*os@|Mk=&G(T10ihp2bAbzrGyhnh`QmD9_x+Vg zal9Gr+I{|{C$n=0w>SnI8U$IUH zp2ARJ*`Y)Mg#3^w@Et7&<9LN)p*Vg_gP|SkW?3a#s;v|&#GS4+qufMSLmfCl3!%d} zPR}9Bs|$-#FRe z0OwQqx!?0T#HW;NP3TKikM;p!q?~6Zv+oC z)XC2(&DYkh4W_dCm6s3ge{p;-866u*@AO)acJ`|DQgVSWE|>Zo@q6;8lb*__NYU1G m#$(7UFz9GHQ(L)^rLgsF`Yi=-P_8%Qd8XT`^9z|9qyGYXu3#WcE3yY^2Xk{YRW@5;W!)ZZ zS?dfUPP(#%Z+f;_wsg1$sRbp2;)_<cVOl>^K;-$z(!)K8UFQ6{-OU~EH5?ha)*7d;F^Of`q4nZ-5lvio z&=_E@+|Qyx=9NBx<*_qg$A2cdaS3l^N69n=^Lv$d?i#OATJ 
zo>IEm^#vHK%LZ6Wy`)Yn#R-ueyeBMy4}3D$D1FJ4=d4Vuj`Dia|BPbObXkvYcvGFK zZ7JF)&d$27@Ec@QjbpGlSv3pl@uj11tx6HkANMk0xv_Z47t`sN;4YdAHWbs<&04&3 zte@Sy{m-K>xAlMi)mDasTZgwdj!l&xZMRtF_5s#$$2kwtMC~EWkP%AY8)^?F+LxB4 zVmLN1s<9?lb@A^NY~ScG>u4M9?i|ZjxP64CLWgjSHiZ*7O*_Klc#Rgq=K6j%ncj?! zwog>e`;R&DFH^1YEbh{aMyH+oOEx;mdfSdW7Q3Gtb8I#hXN*=4?$NK2xK@5Zwb8fn z66Kim_G+@SH&|xzUKh2m4G|-P`QZ)5jNz753 z)r~Hiu%5sK%~%O-;ZOR>YS!+*PG0)}Qgqnfk8@PE6PTx_`d4d)?#XuI6|yhTMa%Tp zC?rdZRwFjj_w^TqwPUfpPF<|Em|nMe5ukx`FSZmfm-l<^7WL5Q#U+~fh_;2~n_7IQ zj$4@HnJRP|rJzJt;wV2`1rta4qDWn5+^;pjN`Vz#=I<2Fs{e~WP>}rE-8HV?Eb-X zYlQtJ*GJ@kKZ;LX1K1~hl-8gH;D#Sb#CXOp9A0wU&c5Zx8ybHY#M9b4gZzgeHqEB0 bG3eoi5K7oGn+xNDjtx8$MJw`rB#QXIXq+zN delta 1291 zcmZuxT}%{L6h3EmV3}o=9c42=Kol3U)rBk=2(D3K6Hyy{F-RKH2iBxTXS|ac zr7;pTb#v5iCx>m~hqLA7W&9Bmf_*gcR_>TTdC)%G!rl z5nx5k0~MxCeeWnPb1(3nJ{vggw!PQU|EAgVnC(ENq#RZ@I&2+1l!N7;J2NnBQ3aoi zXUf4RNX_d{59W;`wYsBzk)IO{Sn^^%a9~Y(*j*x1g}0RM6~@v{-gQ!7TVfxKKYgA3 zYSX@}UvG%F1QN}Q*%lq5PftMOGci9*$>qJuZ<-jgffkwnQu^LOBf=_2Q3I?F-=uwfp+lfBOHbuI}^DnB;E{KwtP1xYG0i zHbw@VFPwIAyt_cAx&{BCc6B?Rr6EUoMHz!jo-1pd<+}6x$1qr^Cz1WA6and zI^E9fk?mj;LpN$H?nd3HlHcEE?W~q-P+@z7JHv)V*ceN?@f)MlS(DpVGnT5B9D2g( z=-tlg-*@ob&YfjF1w7jqoc2NSJ6j&GQ|Pjs_`}p7Fjc`Ynk=gDtnOQ3N553CQ^G@R nnHMYB<3g+-UGK&HE_SU5Ggv*^vBIe-%ZMA{h`8a22J!8dwLd@mkiB#Bt!;G|hD^WX zEcC%7P6-mpev*HxK%KcLDtu*~3tGwRsDV=$C!#Iu43GdOCfhZOV} zrG`v_u{0*Jx7=>67F`|z#_Y_>lF~K9Zr%PSA-5k+)eP|@4O4Y~hp6e<8ZbM)ZuD6; z>E3>vGD>A3Nq6edqC-uNjW?vM;)6}7#n7kN)C^I#OH}; z{Fg{Xx_=}Y9*-9j$dT@^RA6$Xrc{pfs#>(toPsUZyWmAUVJ+F|`j?^@MaU1@nAL;&fMFv%iR&K)bR2e?T_S9(g@oQ92_YR`%|CCGC_8jHd#lxa% z4sAWPwB(iR5h)N~wyndU%>hN&VY}bC{wj~^-Alm{bxJvWj!HkO{9!X2a-O`LNOX_1 z7RiyQe4P<>95C@+`hti<=&*-!zWZC{?OM$%T;_Rjz@F_~AYP<*yH+XB89qmw9j{g{ z*zbT0=U=O88Rn-z{(7ttZ>BGJx9AowE#mW{-+6eEXKc%mBX`E-Xk~#xJ+}BM{6$|E+rBZV@%#ZYnJzaZXV-xV4XDPKYcNgXeH$|5&8%}ps9ukU#0oa5BetI`d&W_Biu93TQ4f#VkFy(172vf5<+~jazMLF9^4% zCJ8@SlZnXv?ew0Y+>n3m}Tz{1Qd2%$f-12*DB=KBy(+Ooa`2w;Q9fqOjfk<*jyFxXfp zp#&9JOIjL>DYe-jf@_+R@#h%50=0}&R#jz_=*i88IQnzzDdbpgy^xfSYrG|%eo-TI 
zXuyusj;-i5_@MVG$~obE0GjZkSAtGeqAHJKZJy*GqN~qiR`-(gx;>!xGv2TGa|3-r zoWHtnRpVfuNQ>!zlbAAEdQgBX=r6B=LF_8e{~vD|7k~f& delta 1550 zcmZuxZ%kWN6u;+{(iYkZ-7BvJS7@c{1V$mqrb`w=ME6Q!+_EOaOyQ9b7mRZ(U?N09 z7{R4B#KDmdGl<8>YTbUem=P_g)6PL~BeW?G;B%5liz!yhd&WMMEvYThU? zmcu0WaZ!=ckcp$fn1?x8+G{9YHuWD6bA7MNQ2dfGvUIc8hiP&Y!!o#*eDPzE>dwl^$gxK0jZCO~z z)V-PC>fjD#n6kA)wz|V!2;fv-ar`6%zPLRqx6APqr!C;wpejjJaf(#Ua-~ zwfYxj?vImi-vy4Wvz<~jtV>Z(-L5tC2?gM3cPSomdtnED=-vbMxaiIURkc56w?G%> zdZg^bRvz*_^)-i8p0+1${h?|76CDk5azLisNxh;x;Ek;L)!>vT~i1N_DSrPCSwbWn$|(ug*%!yLOf4y=ZQ~I!fV6_sGB9?7ijZD zIz9)9pCZ0Z94Ed;Kd*zh0u#OnwBcD_q(`P)c8XaYkJE%7_k7Cz16S6%bKVi2b!7@y zoi=jh_P6P~LiWq+>=)MTBcwk>J?YnDHQw@bCU@ZRU(r|jK+{5u;aA%5QcD& zumR5!zOT;uYchuNi!dkP1BOoq3L%cMKo2~PslXXf)Xu^y017q-z1SH1jEupM*WzXh zu>>OSCMk!tsk=j8fL~t+)jUa`K-YKNNfR2EF<2adZ!uQfL?I`On}oC%v%=-UKGAUK zF^HX}OGV^iY z)Ia)yMCe5Q-wRcSH#bSN8MzS&Uexhb9pBP%kfZfeiq*S;30Vs8-f}x z*$&W-xh107RGI+1Rd$o_@0O@Tu^DYCDwIzH)M6?cb*#QzafFI(4#j-O6s#rb-^rP&vi?xOjD-TNbcCg&8%&nZQHz!3 z{eG*%^4w~O=I0ymxr98C2x%b#S!ZwLI2=X~pDo0}?N)b7$SF==;Ph2ak8*mP(ChKDgv_z!Kft!8jF>7!|S@W z_%We3d$XQ4W?|rFe}*i2F<*K#iDE&)`X>?8?f1Jrc@FoS-{<@Lea|`fcNRw$M>12* z2`{rpxp6Zl@(2fwPCd^_DtG#JGfg#7LKN=w7i}DDJ`A+cb@W$81Q}ETd zXM3;#-RGX%LYqhz1qMTp;ac4WT1%AgEnI0S^MG1UcL*~(ho!WAv!Q#*whQ7)8@~;s zN@(YOCu5oQzn1kArwgkcIQxb1QQZ6zgNo95Tz`)lVdyIudJVmTp&G(n=}7e~25n=> zZsQNO(SujwAKA{d?L20@z)l?K6J~ciME!mI8r<{maL2IqGq0+59gJPTQF!XN9I1AE zmd~q}WexWbRfzhCN<>3M^F)`49up;rW{C`<8KNxF9ioRs6GVBUF{0;0mx$gHohSN0 zbjpHoaF8b;8{Ey~Pz-i8P5r_ujwpP?+;=$I8YqNY1I-Xu*Fn`z@)}HQ9sXM9O5=?> zHIb`}<3Wt&6vjNv$=<8p}XN_tY#(_8fr%WO@s b8A;Dd`jMpPCA}o+<-(!;B@VyCWzPNswo(*U