antiword: apply debians patch for CVE-2014-8123

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771768
2015-03-09 18:27:25 +01:00 · 2015-03-09 18:27:25 +01:00 · 3b1b8fb629
commit 3b1b8fb629
parent a9719f9dbb
2 changed files with 21 additions and 1 deletions
--- a/pkgs/applications/office/antiword/10_fix_buffer_overflow_wordole_c.patch
+++ b/pkgs/applications/office/antiword/10_fix_buffer_overflow_wordole_c.patch
@ -0,0 +1,18 @@
+Description: Add check for buffer overflow with malformed input files
+Author: <eriks@debian.org>
+Bug-Debian: http://bugs.debian.org/407015
+Last-Update: 2009-06-03
+
+--- antiword-0.37~/wordole.c	2005-08-26 21:49:57.000000000 +0200
+++ antiword-0.37/wordole.c	2009-06-03 22:31:15.948014682 +0200
+@@ -259,6 +259,10 @@
+ 		}
+ 		tNameSize = (size_t)usGetWord(0x40, aucBytes);
+ 		tNameSize = (tNameSize + 1) / 2;
+		if ( tNameSize > sizeof(atPPSlist[iIndex].szName)) {
+			werr(0, "Name Size of PPS %d is too large", iIndex);
+			tNameSize = sizeof(atPPSlist[iIndex].szName);
+		}
+ 		vName2String(atPPSlist[iIndex].szName, aucBytes, tNameSize);
+ 		atPPSlist[iIndex].ucType = ucGetByte(0x42, aucBytes);
+ 		if (atPPSlist[iIndex].ucType == 5) {
--- a/pkgs/applications/office/antiword/default.nix
+++ b/pkgs/applications/office/antiword/default.nix
@ -11,10 +11,12 @@ stdenv.mkDerivation {
    sha256 = "1b7mi1l20jhj09kyh0bq14qzz8vdhhyf35gzwsq43mn6rc7h0b4f";
  };

-  patchPhase = ''
+  preInstall = ''
    sed -i -e "s|/usr/local/bin|$out/bin|g" -e "s|/usr/share|$out/share|g" Makefile antiword.h
  '';

+  patches = [ ./10_fix_buffer_overflow_wordole_c.patch ];
+
  installTargets = "global_install";

  meta = {