authorcjs <cjs@pkgsrc.org>2005-05-10 05:53:48 +0000
committercjs <cjs@pkgsrc.org>2005-05-10 05:53:48 +0000
commit0e52dbf92ec5aa4c643dd6d79749de5a861d2554 (patch)
tree1b34d7e5bf1a1b44796f5dcecf32942c694d9f10 /converters/xlreader
parent487b691b9478aa91e03afbf4baa1e7f8cc701f58 (diff)
Add an (unreviewed) patch to fix the security vulnerability.
Diffstat (limited to 'converters/xlreader')
-rw-r--r--converters/xlreader/Makefile3
-rw-r--r--converters/xlreader/distinfo3
-rw-r--r--converters/xlreader/patches/patch-ab44
3 files changed, 48 insertions, 2 deletions
diff --git a/converters/xlreader/Makefile b/converters/xlreader/Makefile
index ac7aae3f186..1898329df42 100644
--- a/converters/xlreader/Makefile
+++ b/converters/xlreader/Makefile
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.3 2003/07/17 21:27:47 grant Exp $
+# $NetBSD: Makefile,v 1.4 2005/05/10 05:53:48 cjs Exp $
#
DISTNAME= xlreader-0.9.0
+PKGREVISION= 1
CATEGORIES= converters
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=xlreader/}
EXTRACT_SUFX= .tgz
diff --git a/converters/xlreader/distinfo b/converters/xlreader/distinfo
index 190a92c738e..7e407bf9aeb 100644
--- a/converters/xlreader/distinfo
+++ b/converters/xlreader/distinfo
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.1.1.1 2003/04/14 17:33:16 zuntum Exp $
+$NetBSD: distinfo,v 1.2 2005/05/10 05:53:48 cjs Exp $
SHA1 (xlreader-0.9.0.tgz) = 233c8663e345f9f09c326e8e303acf463e6017e3
Size (xlreader-0.9.0.tgz) = 45838 bytes
SHA1 (patch-aa) = 3acdc2956379bbd2c8f0871c1875ba9c1f6600f8
+SHA1 (patch-ab) = 138ec332e1691129b3336243fc7a6b88d650396a
diff --git a/converters/xlreader/patches/patch-ab b/converters/xlreader/patches/patch-ab
new file mode 100644
index 00000000000..584e74f288c
--- /dev/null
+++ b/converters/xlreader/patches/patch-ab
@@ -0,0 +1,44 @@
+$NetBSD: patch-ab,v 1.1 2005/05/10 05:53:48 cjs Exp $
+
+--- format.c.orig 2005-05-10 13:51:38.000000000 +0900
++++ format.c 2005-05-10 14:46:25.000000000 +0900
+@@ -138,27 +138,33 @@
+ char *str;
+ char *quotedstr;
+ char *delim;
+- char insert_start[1024 * 4];
++#define INSERT_START_SIZE (1024 * 4)
++#define INSERT_START_REMAINING (INSERT_START_SIZE - (strlen(insert_start) + 2))
++ char insert_start[INSERT_START_SIZE];
+
+ cell_setdateformat(dateformat);
+ for (i = 0; i < bk->sheetcount; i++) {
+ delim = "";
+ s = bk->sheet[i];
+ if (s->name != NULL) {
+- sprintf(insert_start,"INSERT INTO %s (",s->name);
++ snprintf(insert_start,INSERT_START_SIZE,"INSERT INTO %s (",s->name);
+ } else {
+- sprintf(insert_start,"INSERT INTO ?TABLE? (");
++ snprintf(insert_start,INSERT_START_SIZE,"INSERT INTO ?TABLE? (");
+ }
+ for (y = 0; y < s->cols; y++) {
+ str = cell_data_string(bk,s,0,y);
+ if (str != NULL) {
+- strcat(insert_start,delim);
+- strcat(insert_start,str);
++ strncat(insert_start,delim,INSERT_START_REMAINING);
++ strncat(insert_start,str,INSERT_START_REMAINING);
+ } else {
+- strcat(insert_start,delim);
++ strncat(insert_start,delim,INSERT_START_REMAINING);
+ }
+ delim = ",";
+ }
++ if (strlen(insert_start) >= (INSERT_START_SIZE - 1)) {
++ fprintf(stderr, "insert_start buffer overflow\n");
++ exit(1);
++ }
+ for (x = 1; x < s->rows; x++) {
+ delim = "";
+ printf("%s) values (",insert_start);
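Review bot: `INSERT_START_REMAINING` is evaluated in `size_t`, so if `snprintf` truncates the header (a sheet name, presumably taken from the workbook being converted, long enough to leave `strlen(insert_start)` at `INSERT_START_SIZE - 1`), the subtraction wraps to a huge value and the `strncat` calls in the column loop are effectively unbounded again. The check added after the loop runs too late for that case. It also cannot detect truncation by `strncat`, because the `+ 2` margin keeps the length at or below `INSERT_START_SIZE - 2`, so an over-long column list is cut silently and the truncated statement is still printed. Testing for truncation right after `snprintf`, and testing the free space before each append, closes both gaps and makes the post-loop check redundant. The enclosing function starts and ends outside the hunk.

```c
		/* … unchanged: snprintf() of "INSERT INTO … (" into insert_start … */
		if (strlen(insert_start) >= INSERT_START_SIZE - 1) {
			/* header filled the buffer: stop before INSERT_START_REMAINING can wrap */
			fprintf(stderr, "insert_start buffer overflow\n");
			exit(1);
		}
		for (y = 0; y < s->cols; y++) {
			str = cell_data_string(bk,s,0,y);
			/* refuse to append rather than emit a silently truncated column list */
			if (strlen(delim) + (str != NULL ? strlen(str) : 0) > INSERT_START_REMAINING) {
				fprintf(stderr, "insert_start buffer overflow\n");
				exit(1);
			}
			/* … unchanged: strncat() of delim and str … */
			delim = ",";
		}
```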