authoragc <agc>2004-02-10 17:26:34 +0000
committeragc <agc>2004-02-10 17:26:34 +0000
commit54cbf37e39fd122be188102ad0638e5e71185d6f (patch)
tree5c9bfce648f7c039374e43360455c7e99ec1ebb5
parentbe6c3e8590921065a001a38ce3a7d469f71d8b8c (diff)
Pullup security fix to the pkgsrc-2003Q4 branch, requested by Matthias
Scheler. Module Name: pkgsrc Committed By: tron Date: Tue Feb 10 09:32:47 UTC 2004 Modified Files: pkgsrc/audio/mpg123: Makefile distinfo pkgsrc/audio/mpg123-esound: Makefile pkgsrc/audio/mpg123-nas: Makefile Added Files: pkgsrc/audio/mpg123/patches: patch-aq Log Message: Fix security vulnerability reported in CAN-2003-0865. Bump package revision because of this fix.
-rw-r--r--audio/mpg123/patches/patch-aq25
1 files changed, 25 insertions, 0 deletions
diff --git a/audio/mpg123/patches/patch-aq b/audio/mpg123/patches/patch-aq
new file mode 100644
index 00000000000..aa979419425
--- /dev/null
+++ b/audio/mpg123/patches/patch-aq
@@ -0,0 +1,25 @@
+$NetBSD: patch-aq,v 1.1.2.2 2004/02/10 17:26:34 agc Exp $
+
+--- httpget.c.orig Tue Feb 10 10:14:29 2004
++++ httpget.c Tue Feb 10 10:18:07 2004
+@@ -55,11 +55,10 @@
+ #endif
+ int pos = 0;
+
+- while(1) {
++ while(pos < (maxlen - 1)) {
+ if( read(fileno(f),string+pos,1) == 1) {
+ pos++;
+ if(string[pos-1] == '\n') {
+- string[pos] = 0;
+ break;
+ }
+ }
+@@ -78,6 +77,7 @@
+ }
+ #endif
+
++ string[pos] = '\0';
+ }
+
+ void encode64 (char *source,char *destination)
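Review bot: An over-long line now ends the httpget.c loop at `while(pos < (maxlen - 1))` silently: the caller gets a truncated string with no trailing newline and no error, and the unread remainder of that line stays on the socket, so the next call would presumably return it as if it were a separate header line. Either drain input up to the newline after the loop or signal truncation to the caller, and record the intent with a comment such as `/* stop one byte short of maxlen so the terminator written after the loop always fits; longer lines are truncated */`. The unconditional `string[pos] = '\0';` also still writes one byte when maxlen is 0, so a guard like `if (maxlen < 1) return;` ahead of the loop is worth adding, assuming the function returns void. The function's signature and the lines between the two inner hunks are outside this patch, so maxlen's type and the read-error path cannot be confirmed from here.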