authorsalo <salo>2006-08-24 22:02:02 +0000
committersalo <salo>2006-08-24 22:02:02 +0000
commit2ff5e91533e17075470dd9de6cdf74cd24ef48d5 (patch)
tree0a467d9e658aa9b5f6de8beb294957e4406daba6 /devel/cscope/patches/patch-aj
parent7acd7c964eb21224c67ff8f99fcd001ba1568229 (diff)
Security fix for SA21601:
"Will Drewry has reported some vulnerabilities in Cscope, which potentially can be exploited by malicious people to compromise a vulnerable system. 1) Various boundary errors within the parsing of file lists or the expansion of environment variables can be exploited to cause stack-based buffer overflows when parsing specially crafted "cscope.lists" files or directories. 2) A boundary error within the parsing of command line arguments can be exploited to cause a stack-based buffer overflow when supplying an overly long "reffile" argument. Successful exploitation may allow execution of arbitrary code." Patches adapted from cscope CVS. Bump PKGREVISION.
Diffstat (limited to 'devel/cscope/patches/patch-aj')
-rw-r--r--devel/cscope/patches/patch-aj28
1 files changed, 23 insertions, 5 deletions
diff --git a/devel/cscope/patches/patch-aj b/devel/cscope/patches/patch-aj
index fea90578dc0..50ab30ba5bf 100644
--- a/devel/cscope/patches/patch-aj
+++ b/devel/cscope/patches/patch-aj
@@ -1,8 +1,26 @@
-$NetBSD: patch-aj,v 1.2 2006/05/29 13:51:20 tron Exp $
+$NetBSD: patch-aj,v 1.3 2006/08/24 22:02:02 salo Exp $
---- src/edit.c.orig 2001-07-18 14:49:01.000000000 +0100
-+++ src/edit.c 2006-05-29 14:34:26.000000000 +0100
-@@ -105,9 +105,9 @@
+--- src/edit.c.orig 2001-07-18 15:49:01.000000000 +0200
++++ src/edit.c 2006-08-24 23:39:09.000000000 +0200
+@@ -60,7 +60,7 @@ editref(int i)
+ seekline(i + topline);
+
+ /* get the file name and line number */
+- if (fscanf(refsfound, "%s%*s%s", file, linenum) == 2) {
++ if (fscanf(refsfound, "%" PATHLEN_STR "s%*s%" NUMLEN_STR "s", file, linenum) == 2) {
+ edit(file, linenum); /* edit it */
+ }
+ seekline(topline); /* restore the line pointer */
+@@ -83,7 +83,7 @@ editall(void)
+ seekline(1);
+
+ /* get each file name and line number */
+- while (fscanf(refsfound, "%s%*s%s%*[^\n]", file, linenum) == 2) {
++ while (fscanf(refsfound, "%" PATHLEN_STR "s%*s%" NUMLEN_STR "s%*[^\n]", file, linenum) == 2) {
+ edit(file, linenum); /* edit it */
+ if (editallprompt == YES) {
+ addstr("Type ^D to stop editing all lines, or any other character to continue: ");
+@@ -105,9 +105,9 @@ edit(char *file, char *linenum)
char *s;
file = filepath(file);
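Review bot: The width-limited conversions added in editref() and editall() stop the overflow but truncate silently: when a file-name token read from refsfound is longer than the width, the rest of it is consumed by `%*s`, so the following fields shift and edit() can receive a cut-off path together with a token that is not a line number. If that case matters here, a comment such as `/* over-long fields are truncated, not rejected; see PATHLEN_STR/NUMLEN_STR */` above each call would record it, or the line could be read whole and rejected when a field does not fit. PATHLEN_STR and NUMLEN_STR are not defined in this hunk and the declarations of `file` and `linenum` are outside it, so it is worth confirming that the string widths equal PATHLEN and NUMLEN and that both buffers are declared with one extra byte for the terminator. Both function bodies start and end outside the hunk.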
@@ -14,7 +32,7 @@ $NetBSD: patch-aj,v 1.2 2006/05/29 13:51:20 tron Exp $
/* if this is the more or page commands */
if (strcmp(s = mybasename(editor), "more") == 0 || strcmp(s, "page") == 0) {
-@@ -132,7 +132,7 @@
+@@ -132,7 +132,7 @@ filepath(char *file)
static char path[PATHLEN + 1];
if (prependpath != NULL && *file != '/') {