diff options
author | taca <taca@pkgsrc.org> | 2007-05-13 16:59:39 +0000 |
---|---|---|
committer | taca <taca@pkgsrc.org> | 2007-05-13 16:59:39 +0000 |
commit | ab9d551367b87479030265b6a930ef10c43f38b6 (patch) | |
tree | ed97b459e7d1da9fa9f0a6f87e53603b7767e3a8 /archivers/zoo/patches/patch-al | |
parent | fe37baa5b1f156952f78db619531ffb59e1a3e3e (diff) | |
download | pkgsrc-ab9d551367b87479030265b6a930ef10c43f38b6.tar.gz |
- Apply patch to fix CVE-2007-1669
- Stop using mktemp(3).
Bump PKGREVISION.
Diffstat (limited to 'archivers/zoo/patches/patch-al')
-rw-r--r-- | archivers/zoo/patches/patch-al | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/archivers/zoo/patches/patch-al b/archivers/zoo/patches/patch-al new file mode 100644 index 00000000000..11314e5729d --- /dev/null +++ b/archivers/zoo/patches/patch-al @@ -0,0 +1,35 @@ +$NetBSD: patch-al,v 1.1 2007/05/13 16:59:39 taca Exp $ + +--- zooext.c.orig 1993-05-01 12:58:50.000000000 +0900 ++++ zooext.c +@@ -89,6 +89,7 @@ int alloc_size; + #endif + struct direntry direntry; /* directory entry */ + int first_dir = 1; /* first dir entry seen? */ ++unsigned long zoo_pointer = 0; /* Track our position in the file */ + + static char extract_ver[] = "Zoo %d.%d is needed to extract %s.\n"; + static char no_space[] = "Insufficient disk space to extract %s.\n"; +@@ -169,6 +170,9 @@ if (fiz_ofs != 0L) { /* i + exit_status = 1; + } + zooseek (zoo_file, zoo_header.zoo_start, 0); /* seek to where data begins */ ++ ++ /* Begin tracking our position in the file */ ++ zoo_pointer = zoo_header.zoo_start; + } + + #ifndef PORTABLE +@@ -597,6 +601,12 @@ bit 23==0 and bit 22==1. */ + } /* end if */ + + loop_again: ++ ++ /* Make sure we are not seeking to already processed data */ ++ if (next_ptr <= zoo_pointer) ++ prterror ('f', "ZOO chain structure is corrupted\n"); ++ zoo_pointer = next_ptr; ++ + zooseek (zoo_file, next_ptr, 0); /* ..seek to next dir entry */ + } /* end while */ + |