author | joerg <joerg@pkgsrc.org> | 2006-03-07 02:30:41 +0000 |
---|---|---|
committer | joerg <joerg@pkgsrc.org> | 2006-03-07 02:30:41 +0000 |
commit | 92558e236a0fbd6008d848fc158eaaa077632c7c (patch) | |
tree | e9eaa93029d7a3d61f18d292822b3d572552fb49 /devel | |
parent | d06bede38d03392d580304b243ee812e61bcb200 (diff) | |
download | pkgsrc-92558e236a0fbd6008d848fc158eaaa077632c7c.tar.gz |
Backport fix for CVE-2006-0224.
Diffstat (limited to 'devel')
-rw-r--r-- | devel/libast/Makefile | 4 | ||||
-rw-r--r-- | devel/libast/distinfo | 3 | ||||
-rw-r--r-- | devel/libast/patches/patch-aa | 57 |
3 files changed, 61 insertions, 3 deletions
diff --git a/devel/libast/Makefile b/devel/libast/Makefile
index 0340c6db544..d7ab0564e14 100644
--- a/devel/libast/Makefile
+++ b/devel/libast/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.19 2006/02/05 23:08:44 joerg Exp $
+# $NetBSD: Makefile,v 1.20 2006/03/07 02:30:41 joerg Exp $
 DISTNAME= libast-0.6.1
-PKGREVISION= 1
+PKGREVISION= 2
 CATEGORIES= devel
 MASTER_SITES= http://www.eterm.org/download/
diff --git a/devel/libast/distinfo b/devel/libast/distinfo
index b2df70f8733..e34db69c4cf 100644
--- a/devel/libast/distinfo
+++ b/devel/libast/distinfo
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.3 2005/02/23 22:24:17 agc Exp $
+$NetBSD: distinfo,v 1.4 2006/03/07 02:30:41 joerg Exp $
 SHA1 (libast-0.6.1.tar.gz) = 894b9dda8e6f971e0192b78d05dc4812839a01cb
 RMD160 (libast-0.6.1.tar.gz) = 85d6a6433fe12c81d120adf7e6567c0676d26b8c
 Size (libast-0.6.1.tar.gz) = 356881 bytes
+SHA1 (patch-aa) = ae46e2d08170f491d13f573ca075166c3f6e1a2a
diff --git a/devel/libast/patches/patch-aa b/devel/libast/patches/patch-aa
new file mode 100644
index 00000000000..cb306283c25
--- /dev/null
+++ b/devel/libast/patches/patch-aa
@@ -0,0 +1,57 @@
+$NetBSD: patch-aa,v 1.3 2006/03/07 02:30:41 joerg Exp $
+
+--- src/conf.c.orig 2004-11-07 20:18:21.000000000 +0100
++++ src/conf.c
+@@ -721,14 +721,12 @@ spifconf_shell_expand(spif_charptr_t s)
+
+ /* The config file reader. This looks for the config file by searching CONFIG_SEARCH_PATH.
+ If it can't find a config file, it displays a warning but continues. -- mej */
+-
+ spif_charptr_t
+ spifconf_find_file(const spif_charptr_t file, const spif_charptr_t dir, const spif_charptr_t pathlist)
+ {
+ static spif_char_t name[PATH_MAX], full_path[PATH_MAX];
+ spif_charptr_t path, p;
+- short maxpathlen;
+- unsigned short len;
++ spif_int32_t len, maxpathlen;
+ struct stat fst;
+
+ REQUIRE_RVAL(file != NULL, NULL);
+@@ -737,6 +735,13 @@ spifconf_find_file(const spif_charptr_t
+ D_CONF(("spifconf_find_file(\"%s\", \"%s\", \"%s\") called from directory \"%s\".\n",
+ file, NONULL(dir), NONULL(pathlist), name));
+
++ /* Make sure our supplied settings don't overflow. */
++ len = strlen(SPIF_CAST_C(char *) file) + ((dir) ? (strlen(SPIF_CAST_C(char *) dir)) : (0)) + 2;
++ if ((len > SPIF_CAST(int32) sizeof(name)) || (len <= 0)) {
++ D_CONF(("Too big. I lose. :(\n"));
++ return ((spif_charptr_t) NULL);
++ }
++
+ if (dir) {
+ strcpy(SPIF_CAST_C(char *) name, SPIF_CAST_C(char *) dir);
+ strcat(SPIF_CAST_C(char *) name, "/");
+@@ -756,7 +761,7 @@ spifconf_find_file(const spif_charptr_t
+ /* maxpathlen is the longest possible path we can stuff into name[]. The - 2 saves room for
+ an additional / and the trailing null. */
+ if ((maxpathlen = sizeof(name) - len - 2) <= 0) {
+- D_CONF(("Too big. I lose. :(\n", name));
++ D_CONF(("Too big. I lose. :(\n"));
+ return ((spif_charptr_t) NULL);
+ }
+
+@@ -827,10 +832,12 @@ spifconf_open_file(spif_charptr_t name)
+ /* Check version number against current application version. */
+ begin_ptr = SPIF_STR_STR(ver_str) + spif_str_index(ver_str, SPIF_CAST(char) '-') + 1;
+ end_ptr = SPIF_STR_STR(ver_str) + spif_str_index(ver_str, SPIF_CAST(char) '>');
++ D_CONF(("Begin pointer is %10p (%s), end pointer is %10p (%s), length is %d, buffer size is %d\n",
++ begin_ptr, begin_ptr, end_ptr, end_ptr, SPIF_CAST_C(int) (end_ptr - begin_ptr), sizeof(buff)));
+ if (SPIF_PTR_ISNULL(end_ptr)) {
+ spiftool_safe_strncpy(buff, begin_ptr, sizeof(buff));
+ } else {
+- testlen = MAX(SPIF_CAST_C(int) sizeof(buff), SPIF_CAST_C(int) (end_ptr - begin_ptr));
++ testlen = MIN(SPIF_CAST_C(int) sizeof(buff), SPIF_CAST_C(int) (end_ptr - begin_ptr + 1));
+ spiftool_safe_strncpy(buff, begin_ptr, testlen);
+ }
+ ver = spiftool_version_compare(buff, libast_program_version);
|
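Review bot: In the spifconf_open_file hunk of the embedded patch, `testlen` is capped from above by the new MIN but has no lower bound: both operands are cast to int, and `end_ptr - begin_ptr + 1` is zero or negative whenever the '>' is located before the '-' in the version string. How spif_str_index reports a missing character and how spiftool_safe_strncpy treats a non-positive length are not visible here, so this needs confirming; sending that case to the bounded full-size copy, `if (SPIF_PTR_ISNULL(end_ptr) || (end_ptr < begin_ptr)) {`, would close it either way. The added D_CONF trace also prints `end_ptr` with `%s` ahead of the null check and passes `sizeof(buff)` to `%d`; moving the trace below the check and wrapping the size in `SPIF_CAST_C(int)` keeps debug builds well-defined. The function body starts and ends outside the hunk.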