author | salo <salo> | 2005-03-31 14:17:05 +0000 |
---|---|---|
committer | salo <salo> | 2005-03-31 14:17:05 +0000 |
commit | 4119c581100ca1cf6483558a1b2803693b20f326 (patch) | |
tree | d4e64249a4c31d4c6d187862c5d014b9d9b613df /archivers/gsharutils/patches/patch-aj | |
parent | f0bf55db5b664eb82a53b7fa37a05152991955b0 (diff) | |
Security fix for CAN-2004-1773:
"Multiple buffer overflows in sharutils 4.2.1 and earlier may allow attackers
to execute arbitrary code via long output from wc to shar, or unknown vectors
in unshar."
Patch from SuSE/Gentoo. Also add more sanity checking patches from the latter.
Diffstat (limited to 'archivers/gsharutils/patches/patch-aj')
-rw-r--r-- | archivers/gsharutils/patches/patch-aj | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/archivers/gsharutils/patches/patch-aj b/archivers/gsharutils/patches/patch-aj new file mode 100644 index 00000000000..57c79f7b075 --- /dev/null +++ b/archivers/gsharutils/patches/patch-aj @@ -0,0 +1,17 @@ +$NetBSD: patch-aj,v 1.4 2005/03/31 14:17:05 salo Exp $ + +--- src/mailshar.in.orig 1995-11-26 00:42:47.000000000 +0100 ++++ src/mailshar.in 2005-03-31 15:51:27.000000000 +0200 +@@ -33,7 +33,11 @@ + If none of -MTBzZ are given, -z is automatically selected if *none* + of the FILEs have an .arc, .exz, .gif, .z, .gz, .Z, .zip or .zoo suffix." + +-temp=/usr/tmp/$$.shar ++temp=`mktemp -q /tmp/$0.XXXXXX` ++if [ $? -ne 0 ]; then ++ echo "$0: Can't create temp file, exiting..." ++ exit 1 ++fi + + ### Decode the options. + |
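Review bot: The mktemp template in the added `temp=` line is built from an unquoted `$0`, which is the path the script was invoked with rather than its bare name. When the script is run by absolute or relative path, `/tmp/$0.XXXXXX` expands to a location under a directory that does not exist in /tmp, mktemp fails, and the script exits on the new error branch. Suggest deriving the prefix with `basename "$0"` and quoting the expansion. The "Can't create temp file" message should also go to stderr (`>&2`) so it is not mistaken for script output. The visible context does not show whether the temp file is removed on exit or on a signal, so it is worth confirming that a `trap` or equivalent cleanup exists further down in mailshar.in.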