summaryrefslogtreecommitdiff
path: root/devel
diff options
context:
space:
mode:
authorjoerg <joerg@pkgsrc.org>2006-03-07 02:30:41 +0000
committerjoerg <joerg@pkgsrc.org>2006-03-07 02:30:41 +0000
commit92558e236a0fbd6008d848fc158eaaa077632c7c (patch)
treee9eaa93029d7a3d61f18d292822b3d572552fb49 /devel
parentd06bede38d03392d580304b243ee812e61bcb200 (diff)
downloadpkgsrc-92558e236a0fbd6008d848fc158eaaa077632c7c.tar.gz
Backport fix for CVE-20060224.
Diffstat (limited to 'devel')
-rw-r--r--devel/libast/Makefile4
-rw-r--r--devel/libast/distinfo3
-rw-r--r--devel/libast/patches/patch-aa57
3 files changed, 61 insertions, 3 deletions
diff --git a/devel/libast/Makefile b/devel/libast/Makefile
index 0340c6db544..d7ab0564e14 100644
--- a/devel/libast/Makefile
+++ b/devel/libast/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.19 2006/02/05 23:08:44 joerg Exp $
+# $NetBSD: Makefile,v 1.20 2006/03/07 02:30:41 joerg Exp $
DISTNAME= libast-0.6.1
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= devel
MASTER_SITES= http://www.eterm.org/download/
diff --git a/devel/libast/distinfo b/devel/libast/distinfo
index b2df70f8733..e34db69c4cf 100644
--- a/devel/libast/distinfo
+++ b/devel/libast/distinfo
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.3 2005/02/23 22:24:17 agc Exp $
+$NetBSD: distinfo,v 1.4 2006/03/07 02:30:41 joerg Exp $
SHA1 (libast-0.6.1.tar.gz) = 894b9dda8e6f971e0192b78d05dc4812839a01cb
RMD160 (libast-0.6.1.tar.gz) = 85d6a6433fe12c81d120adf7e6567c0676d26b8c
Size (libast-0.6.1.tar.gz) = 356881 bytes
+SHA1 (patch-aa) = ae46e2d08170f491d13f573ca075166c3f6e1a2a
diff --git a/devel/libast/patches/patch-aa b/devel/libast/patches/patch-aa
new file mode 100644
index 00000000000..cb306283c25
--- /dev/null
+++ b/devel/libast/patches/patch-aa
@@ -0,0 +1,57 @@
+$NetBSD: patch-aa,v 1.3 2006/03/07 02:30:41 joerg Exp $
+
+--- src/conf.c.orig 2004-11-07 20:18:21.000000000 +0100
++++ src/conf.c
+@@ -721,14 +721,12 @@ spifconf_shell_expand(spif_charptr_t s)
+
+ /* The config file reader. This looks for the config file by searching CONFIG_SEARCH_PATH.
+ If it can't find a config file, it displays a warning but continues. -- mej */
+-
+ spif_charptr_t
+ spifconf_find_file(const spif_charptr_t file, const spif_charptr_t dir, const spif_charptr_t pathlist)
+ {
+ static spif_char_t name[PATH_MAX], full_path[PATH_MAX];
+ spif_charptr_t path, p;
+- short maxpathlen;
+- unsigned short len;
++ spif_int32_t len, maxpathlen;
+ struct stat fst;
+
+ REQUIRE_RVAL(file != NULL, NULL);
+@@ -737,6 +735,13 @@ spifconf_find_file(const spif_charptr_t
+ D_CONF(("spifconf_find_file(\"%s\", \"%s\", \"%s\") called from directory \"%s\".\n",
+ file, NONULL(dir), NONULL(pathlist), name));
+
++ /* Make sure our supplied settings don't overflow. */
++ len = strlen(SPIF_CAST_C(char *) file) + ((dir) ? (strlen(SPIF_CAST_C(char *) dir)) : (0)) + 2;
++ if ((len > SPIF_CAST(int32) sizeof(name)) || (len <= 0)) {
++ D_CONF(("Too big. I lose. :(\n"));
++ return ((spif_charptr_t) NULL);
++ }
++
+ if (dir) {
+ strcpy(SPIF_CAST_C(char *) name, SPIF_CAST_C(char *) dir);
+ strcat(SPIF_CAST_C(char *) name, "/");
+@@ -756,7 +761,7 @@ spifconf_find_file(const spif_charptr_t
+ /* maxpathlen is the longest possible path we can stuff into name[]. The - 2 saves room for
+ an additional / and the trailing null. */
+ if ((maxpathlen = sizeof(name) - len - 2) <= 0) {
+- D_CONF(("Too big. I lose. :(\n", name));
++ D_CONF(("Too big. I lose. :(\n"));
+ return ((spif_charptr_t) NULL);
+ }
+
+@@ -827,10 +832,12 @@ spifconf_open_file(spif_charptr_t name)
+ /* Check version number against current application version. */
+ begin_ptr = SPIF_STR_STR(ver_str) + spif_str_index(ver_str, SPIF_CAST(char) '-') + 1;
+ end_ptr = SPIF_STR_STR(ver_str) + spif_str_index(ver_str, SPIF_CAST(char) '>');
++ D_CONF(("Begin pointer is %10p (%s), end pointer is %10p (%s), length is %d, buffer size is %d\n",
++ begin_ptr, begin_ptr, end_ptr, end_ptr, SPIF_CAST_C(int) (end_ptr - begin_ptr), sizeof(buff)));
+ if (SPIF_PTR_ISNULL(end_ptr)) {
+ spiftool_safe_strncpy(buff, begin_ptr, sizeof(buff));
+ } else {
+- testlen = MAX(SPIF_CAST_C(int) sizeof(buff), SPIF_CAST_C(int) (end_ptr - begin_ptr));
++ testlen = MIN(SPIF_CAST_C(int) sizeof(buff), SPIF_CAST_C(int) (end_ptr - begin_ptr + 1));
+ spiftool_safe_strncpy(buff, begin_ptr, testlen);
+ }
+ ver = spiftool_version_compare(buff, libast_program_version);