- Fix buffer overflow when reading interface addresses

conky-1.6.1-ifaddrs.patch

@@ -0,0 +1,24 @@
+diff -up conky-1.6.1/src/linux.c.ifaddrs conky-1.6.1/src/linux.c
+--- conky-1.6.1/src/linux.c.ifaddrs	2008-08-20 12:50:15.000000000 +0200
++++ conky-1.6.1/src/linux.c	2008-08-20 12:50:31.000000000 +0200
+@@ -353,7 +353,7 @@ void update_net_stats(void)
+ 	for (i2 = 0; i2 < 16; i2++) {
+ 		struct net_stat *ns;
+ 		char *s, *p;
+-		char temp_addr[17];
++		char temp_addr[18];
+ 		long long r, t, last_recv, last_trans;
+ 
+ 		if (fgets(buf, 255, net_dev_fp) == NULL) {
+@@ -380,9 +380,9 @@ void update_net_stats(void)
+ 		memset(&(ns->addr.sa_data), 0, 14);
+ 
+ 		if(NULL == ns->addrs)
+-			ns->addrs = (char*) malloc(17 * 16);
++			ns->addrs = (char*) malloc(17 * 16 + 1);
+ 		if(NULL != ns->addrs)
+-			memset(ns->addrs, 0, 17 * 16); /* Up to 17 chars per ip, max 16 interfaces. Nasty memory usage... */
++			memset(ns->addrs, 0, 17 * 16 + 1); /* Up to 17 chars per ip, max 16 interfaces. Nasty memory usage... */
+ 
+ 		last_recv = ns->recv;
+ 		last_trans = ns->trans;

conky.spec

@@ -15,6 +15,7 @@ License:        GPLv3+
 URL:            http://conky.sf.net/
 Source0:        http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.bz2
 Patch0:         conky-1.6.0-rdtsc.patch
+Patch1:         conky-1.6.1-ifaddrs.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 BuildRequires:  libXft-devel
@@ -36,6 +37,7 @@ It just keeps on given'er. Yeah.
 %prep
 %setup -q
 %patch0 -p1 -b .rdtsc
+%patch1 -p1 -b .ifaddrs
 
 for i in AUTHORS ChangeLog; do
     iconv -f iso8859-1 -t utf8 -o ${i}{_,} && touch -r ${i}{,_} && mv -f ${i}{_,}
@@ -72,8 +74,9 @@ rm -rf $RPM_BUILD_ROOT
 
 
 %changelog
-* Thu Aug 14 2008 Miroslav Lichvar <mlichvar@redhat.com> - 1.6.1-1
+* Tue Aug 26 2008 Miroslav Lichvar <mlichvar@redhat.com> - 1.6.1-1
 - Update to 1.6.1
+- Fix buffer overflow when reading interface addresses
 
 * Tue Jul 22 2008 Miroslav Lichvar <mlichvar@redhat.com> - 1.6.0-1
 - Update to 1.6.0