diff options
author | cjs <cjs@pkgsrc.org> | 2005-05-10 05:53:48 +0000 |
---|---|---|
committer | cjs <cjs@pkgsrc.org> | 2005-05-10 05:53:48 +0000 |
commit | 0e52dbf92ec5aa4c643dd6d79749de5a861d2554 (patch) | |
tree | 1b34d7e5bf1a1b44796f5dcecf32942c694d9f10 /converters | |
parent | 487b691b9478aa91e03afbf4baa1e7f8cc701f58 (diff) | |
download | pkgsrc-0e52dbf92ec5aa4c643dd6d79749de5a861d2554.tar.gz |
Add an (unreviewed) patch to fix the security vulnerability.
Diffstat (limited to 'converters')
-rw-r--r-- | converters/xlreader/Makefile | 3 | ||||
-rw-r--r-- | converters/xlreader/distinfo | 3 | ||||
-rw-r--r-- | converters/xlreader/patches/patch-ab | 44 |
3 files changed, 48 insertions, 2 deletions
diff --git a/converters/xlreader/Makefile b/converters/xlreader/Makefile index ac7aae3f186..1898329df42 100644 --- a/converters/xlreader/Makefile +++ b/converters/xlreader/Makefile @@ -1,7 +1,8 @@ -# $NetBSD: Makefile,v 1.3 2003/07/17 21:27:47 grant Exp $ +# $NetBSD: Makefile,v 1.4 2005/05/10 05:53:48 cjs Exp $ # DISTNAME= xlreader-0.9.0 +PKGREVISION= 1 CATEGORIES= converters MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=xlreader/} EXTRACT_SUFX= .tgz diff --git a/converters/xlreader/distinfo b/converters/xlreader/distinfo index 190a92c738e..7e407bf9aeb 100644 --- a/converters/xlreader/distinfo +++ b/converters/xlreader/distinfo @@ -1,5 +1,6 @@ -$NetBSD: distinfo,v 1.1.1.1 2003/04/14 17:33:16 zuntum Exp $ +$NetBSD: distinfo,v 1.2 2005/05/10 05:53:48 cjs Exp $ SHA1 (xlreader-0.9.0.tgz) = 233c8663e345f9f09c326e8e303acf463e6017e3 Size (xlreader-0.9.0.tgz) = 45838 bytes SHA1 (patch-aa) = 3acdc2956379bbd2c8f0871c1875ba9c1f6600f8 +SHA1 (patch-ab) = 138ec332e1691129b3336243fc7a6b88d650396a diff --git a/converters/xlreader/patches/patch-ab b/converters/xlreader/patches/patch-ab new file mode 100644 index 00000000000..584e74f288c --- /dev/null +++ b/converters/xlreader/patches/patch-ab @@ -0,0 +1,44 @@ +$NetBSD: patch-ab,v 1.1 2005/05/10 05:53:48 cjs Exp $ + +--- format.c.orig 2005-05-10 13:51:38.000000000 +0900 ++++ format.c 2005-05-10 14:46:25.000000000 +0900 +@@ -138,27 +138,33 @@ + char *str; + char *quotedstr; + char *delim; +- char insert_start[1024 * 4]; ++#define INSERT_START_SIZE (1024 * 4) ++#define INSERT_START_REMAINING (INSERT_START_SIZE - (strlen(insert_start) + 2)) ++ char insert_start[INSERT_START_SIZE]; + + cell_setdateformat(dateformat); + for (i = 0; i < bk->sheetcount; i++) { + delim = ""; + s = bk->sheet[i]; + if (s->name != NULL) { +- sprintf(insert_start,"INSERT INTO %s (",s->name); ++ snprintf(insert_start,INSERT_START_SIZE,"INSERT INTO %s (",s->name); + } else { +- sprintf(insert_start,"INSERT INTO ?TABLE? ("); ++ snprintf(insert_start,INSERT_START_SIZE,"INSERT INTO ?TABLE? ("); + } + for (y = 0; y < s->cols; y++) { + str = cell_data_string(bk,s,0,y); + if (str != NULL) { +- strcat(insert_start,delim); +- strcat(insert_start,str); ++ strncat(insert_start,delim,INSERT_START_REMAINING); ++ strncat(insert_start,str,INSERT_START_REMAINING); + } else { +- strcat(insert_start,delim); ++ strncat(insert_start,delim,INSERT_START_REMAINING); + } + delim = ","; + } ++ if (strlen(insert_start) >= (INSERT_START_SIZE - 1)) { ++ fprintf(stderr, "insert_start buffer overflow\n"); ++ exit(1); ++ } + for (x = 1; x < s->rows; x++) { + delim = ""; + printf("%s) values (",insert_start); |