diff options
author | tv <tv> | 2004-10-12 18:28:28 +0000 |
---|---|---|
committer | tv <tv> | 2004-10-12 18:28:28 +0000 |
commit | 92e23471ff1bd08d97a2f25b5f22cc3beed2ee70 (patch) | |
tree | f1fba9f4d69cf894afd43cc9221a7671651a5153 /archivers/gzip-base/patches | |
parent | 09e671b3ad25ab64c7f7c89da4b9bb0826c5f4fd (diff) | |
download | pkgsrc-92e23471ff1bd08d97a2f25b5f22cc3beed2ee70.tar.gz |
Update gzip to 1.2.4b, fixing a filename buffer overflow.
Diffstat (limited to 'archivers/gzip-base/patches')
-rw-r--r-- | archivers/gzip-base/patches/patch-ab | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/archivers/gzip-base/patches/patch-ab b/archivers/gzip-base/patches/patch-ab new file mode 100644 index 00000000000..a903b99910b --- /dev/null +++ b/archivers/gzip-base/patches/patch-ab @@ -0,0 +1,22 @@ +$NetBSD: patch-ab,v 1.1 2004/10/12 18:28:29 tv Exp $ + +From http://www.gzip.org/gzip-1.2.4b.patch - security fix for filenames +over 1020 caharacters long. + +--- gzip.c Thu Aug 19 15:39:43 1993 ++++ gzip.c Tue Jan 8 21:44:18 2002 +@@ -1005,7 +1005,14 @@ + #ifdef NO_MULTIPLE_DOTS + char *dot; /* pointer to ifname extension, or NULL */ + #endif ++ int max_suffix_len = (z_len > 3 ? z_len : 3); + ++ /* Leave enough room in ifname or ofname for suffix: */ ++ if (strlen(iname) >= sizeof(ifname) - max_suffix_len) { ++ strncpy(ifname, iname, sizeof(ifname) - 1); ++ /* last byte of ifname is already zero and never overwritten */ ++ error("file name too long"); ++ } + strcpy(ifname, iname); + + /* If input file exists, return OK. */ |