diff options
-rw-r--r-- | user/readstat/APKBUILD | 13 | ||||
-rw-r--r-- | user/readstat/big-endian.patch | 76 | ||||
-rw-r--r-- | user/readstat/buf-overflow.patch | 26 | ||||
-rw-r--r-- | user/readstat/use-after-free.patch | 37 |
4 files changed, 149 insertions, 3 deletions
diff --git a/user/readstat/APKBUILD b/user/readstat/APKBUILD index bb9926267..1ce3b3249 100644 --- a/user/readstat/APKBUILD +++ b/user/readstat/APKBUILD @@ -1,6 +1,6 @@ # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=readstat -pkgver=1.1.8 +pkgver=1.1.9 pkgrel=0 pkgdesc="Command-line tool for converting stats package files" url=" " @@ -9,7 +9,11 @@ license="MIT" depends="" makedepends="zlib-dev" subpackages="$pkgname-dev $pkgname-doc $pkgname-libs" -source="https://github.com/WizardMac/ReadStat/releases/download/v$pkgver/readstat-$pkgver.tar.gz" +source="https://github.com/WizardMac/ReadStat/releases/download/v$pkgver/readstat-$pkgver.tar.gz + use-after-free.patch + buf-overflow.patch + big-endian.patch + " build() { ./configure \ @@ -35,4 +39,7 @@ libs() { default_libs } -sha512sums="0b6278c2f1acae2cb6c509dbf730b121e1d8cd6e53736f060c0b79ba5fbcf56e1c4ac39568d21e90f537a0bae0341d702421eb768d384f8891f6486b7c6c2f1f readstat-1.1.8.tar.gz" +sha512sums="1034d2ca4f45a5b93ed1857b9176965a1584c042bfc2316cc93d0a80f589dc55ad6fe01036a6b9a4db36080b2a9876472f9016ce01e015692430dbeb7e26ece0 readstat-1.1.9.tar.gz +b58b0b2d5da107048c4aedbb6a8a0cd7cd3710ac6e6cd5cb759fd149288da24fb2f52022586154eba42d32441ab5a6ec307f895af2875649bb57a4d0473d9a81 use-after-free.patch +cfcad56dfe51b1454010e6cf15961816de8b60f1d5918638b8f1f208d18713db281eb1d915db4cd79fe11d28c82a1c3c23a1a05a079b4071ba2f61c1d0c74dbc buf-overflow.patch +3aad51258a52c13c45bd94c7e12a9ae38923930f03dbbee650d489ef812999de82e8024ec5e74ca4ad191aa90b2c5d8dd983493121c9b874708b3f32419e1146 big-endian.patch" diff --git a/user/readstat/big-endian.patch b/user/readstat/big-endian.patch new file mode 100644 index 000000000..71f1db133 --- /dev/null +++ b/user/readstat/big-endian.patch @@ -0,0 +1,76 @@ +From 0034c8ee693563cbecae8fa8a24d3e8d5dcc6ab1 Mon Sep 17 00:00:00 2001 +From: Evan Miller <emmiller@gmail.com> +Date: Sat, 4 May 2024 08:50:28 -0400 +Subject: [PATCH] [SAS7BCAT writer] big-endian architecture fix + +Closes #302 +--- + src/sas/readstat_sas7bcat_write.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/src/sas/readstat_sas7bcat_write.c b/src/sas/readstat_sas7bcat_write.c +index 6544798c..9642fdad 100644 +--- a/src/sas/readstat_sas7bcat_write.c ++++ b/src/sas/readstat_sas7bcat_write.c +@@ -63,7 +63,8 @@ static sas7bcat_block_t *sas7bcat_block_for_label_set(readstat_label_set_t *r_la + + for (j=0; j<r_label_set->value_labels_count; j++) { + readstat_value_label_t *value_label = readstat_get_value_label(r_label_set, j); +- lbp1[2] = 24; // size - 6 ++ int16_t value_entry_len = 24; // size - 6 ++ memcpy(&lbp1[2], &value_entry_len, sizeof(int16_t)); + int32_t index = j; + memcpy(&lbp1[10], &index, sizeof(int32_t)); + if (r_label_set->type == READSTAT_TYPE_STRING) { +@@ -86,7 +87,7 @@ static sas7bcat_block_t *sas7bcat_block_for_label_set(readstat_label_set_t *r_la + memcpy(&lbp2[8], &label_len, sizeof(int16_t)); + memcpy(&lbp2[10], value_label->label, label_len); + +- lbp1 += 30; ++ lbp1 += 6 + value_entry_len; + lbp2 += 8 + 2 + value_label->label_len + 1; + } + +From 29aac3db79a5da20d1d1dcbb54a587c5ba51e7b3 Mon Sep 17 00:00:00 2001 +From: Evan Miller <emmiller@gmail.com> +Date: Sat, 4 May 2024 10:35:27 -0400 +Subject: [PATCH] [SAS7BCAT writer] more big-endian fixes + +--- + src/sas/readstat_sas7bcat_write.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/src/sas/readstat_sas7bcat_write.c b/src/sas/readstat_sas7bcat_write.c +index 9642fda..c25fec0 100644 +--- a/src/sas/readstat_sas7bcat_write.c ++++ b/src/sas/readstat_sas7bcat_write.c +@@ -46,7 +46,8 @@ static sas7bcat_block_t *sas7bcat_block_for_label_set(readstat_label_set_t *r_la + memcpy(&block->data[38], &count, sizeof(int32_t)); + memcpy(&block->data[42], &count, sizeof(int32_t)); + if (name_len > 8) { +- block->data[2] = (char)0x80; ++ int16_t flags = 0x80; ++ memcpy(&block->data[2], &flags, sizeof(int16_t)); + memcpy(&block->data[8], name, 8); + + memset(&block->data[106], ' ', 32); +@@ -139,16 +140,15 @@ static readstat_error_t sas7bcat_begin_data(void *writer_ctx) { + + // Page 1 + char *xlsr = &page[856]; +- int16_t block_idx, block_off; +- block_idx = 4; +- block_off = 16; ++ int32_t block_idx = 4; ++ int16_t block_off = 16; + for (i=0; i<writer->label_sets_count; i++) { + if (xlsr + 212 > page + hinfo->page_size) + break; + + memcpy(&xlsr[0], "XLSR", 4); + +- memcpy(&xlsr[4], &block_idx, sizeof(int16_t)); ++ memcpy(&xlsr[4], &block_idx, sizeof(int32_t)); + memcpy(&xlsr[8], &block_off, sizeof(int16_t)); + + xlsr[50] = 'O'; diff --git a/user/readstat/buf-overflow.patch b/user/readstat/buf-overflow.patch new file mode 100644 index 000000000..f3766bb24 --- /dev/null +++ b/user/readstat/buf-overflow.patch @@ -0,0 +1,26 @@ +From c7baae72b36acdc24f56ad48d3e859850fdbdc2b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?G=C3=A1bor=20Cs=C3=A1rdi?= <csardi.gabor@gmail.com> +Date: Sat, 17 Feb 2024 21:23:14 +0100 +Subject: [PATCH] Fix a buffer overflow (#311) + +It happens if raw_str_used underflows and ends up a very large number, +which is then used as the size of a string. + +Closes #285. +--- + src/spss/readstat_sav_read.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/spss/readstat_sav_read.c b/src/spss/readstat_sav_read.c +index 7f49490..460bf07 100644 +--- a/src/spss/readstat_sav_read.c ++++ b/src/spss/readstat_sav_read.c +@@ -717,7 +717,7 @@ static readstat_error_t sav_process_row(unsigned char *buffer, size_t buffer_len + } + if (++offset == col_info->width) { + if (++segment_offset < var_info->n_segments) { +- raw_str_used--; ++ if (raw_str_used > 0) raw_str_used--; + } + offset = 0; + col++; diff --git a/user/readstat/use-after-free.patch b/user/readstat/use-after-free.patch new file mode 100644 index 000000000..70ea38ffd --- /dev/null +++ b/user/readstat/use-after-free.patch @@ -0,0 +1,37 @@ +From 718d49155e327471ed9bf4a8c157f849f285b46c Mon Sep 17 00:00:00 2001 +From: Stefan Gerlach <stefan.gerlach@uni-konstanz.de> +Date: Wed, 20 Sep 2023 15:18:07 +0200 +Subject: [PATCH] Fix use after free (#298) + +--- + src/bin/readstat.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/src/bin/readstat.c b/src/bin/readstat.c +index 48b8fdd..e3fbbd1 100644 +--- a/src/bin/readstat.c ++++ b/src/bin/readstat.c +@@ -397,8 +397,6 @@ static int convert_file(const char *input_filename, const char *catalog_filename + module->finish(rs_ctx->module_ctx); + } + +- free(rs_ctx); +- + if (error != READSTAT_OK) { + if (file_exists) { + fprintf(stderr, "Error opening %s: File exists (Use -f to overwrite)\n", output_filename); +@@ -406,9 +404,14 @@ static int convert_file(const char *input_filename, const char *catalog_filename + fprintf(stderr, "Error processing %s: %s\n", rs_ctx->error_filename, readstat_error_message(error)); + unlink(output_filename); + } ++ ++ free(rs_ctx); ++ + return 1; + } + ++ free(rs_ctx); ++ + return 0; + } + |