author | itojun <itojun@pkgsrc.org> | 2001-08-31 00:22:12 +0000 |
---|---|---|
committer | itojun <itojun@pkgsrc.org> | 2001-08-31 00:22:12 +0000 |
commit | 8188bdebc04bf8d5edf129c3bb54696af4511301 (patch) | |
tree | 3947e27b3fd56149d6f734309e66e05d83fcfca4 /graphics/magicpoint | |
parent | 71de999d9eb12b529ffc2964f27464ab0e8c1360 (diff) | |
download | pkgsrc-8188bdebc04bf8d5edf129c3bb54696af4511301.tar.gz |
plug buffer overrun hole inherited from xloadimage.
XXX package version number bump
Diffstat (limited to 'graphics/magicpoint')
-rw-r--r-- | graphics/magicpoint/distinfo | 3 | ||||
-rw-r--r-- | graphics/magicpoint/patches/patch-ab | 35 |
2 files changed, 37 insertions, 1 deletions
diff --git a/graphics/magicpoint/distinfo b/graphics/magicpoint/distinfo
index 4e3c11cc29c..9741a49c04c 100644
--- a/graphics/magicpoint/distinfo
+++ b/graphics/magicpoint/distinfo
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.4 2001/07/31 05:27:30 jlam Exp $
+$NetBSD: distinfo,v 1.5 2001/08/31 00:22:12 itojun Exp $
 SHA1 (magicpoint-1.08a.tar.gz) = 4b336fff82e0d2c7d4d36b7a914f5d374b6a9343
 Size (magicpoint-1.08a.tar.gz) = 815048 bytes
 SHA1 (patch-aa) = 739e9597b407f6e08ac25fd190bce05d37c116ff
+SHA1 (patch-ab) = e64f19da3f410f6b71053c9293c66d7290e9a4a2
diff --git a/graphics/magicpoint/patches/patch-ab b/graphics/magicpoint/patches/patch-ab
new file mode 100644
index 00000000000..6ab857be9c5
--- /dev/null
+++ b/graphics/magicpoint/patches/patch-ab
@@ -0,0 +1,35 @@
+$NetBSD: patch-ab,v 1.1 2001/08/31 00:22:12 itojun Exp $
+
+Plug security hole inherited from xloadimage.
+
+Index: image/faces.c
+===================================================================
+RCS file: /usr/cvsroot/mgp/kit/image/faces.c,v
+retrieving revision 1.4
+retrieving revision 1.5
+diff -u -r1.4 -r1.5
+--- faces.c 1998/12/28 08:22:58 1.4
++++ faces.c 2001/08/30 17:10:30 1.5
+@@ -18,6 +18,7 @@
+
+ #define HEXIGNORE -1
+ #define HEXBAD -2
++#define MAXFACESNAME 256 /* to avoid buffer overflow */
+
+ /* build a hex digit value table with the bits inverted
+ */
+@@ -107,10 +108,11 @@
+ while (zgets((byte *)buf, BUFSIZ - 1, zf)) {
+ if (! strcmp(buf, "\n"))
+ break;
+- if (!strncmp(buf, "FirstName:", 10))
+- strcpy(fname, buf + 11);
++ if (!strncmp(buf, "FirstName:", 10)){
++ strncpy(fname, buf + 11, MAXFACESNAME);
++ }
+ else if (!strncmp(buf, "LastName:", 9))
+- strcpy(lname, buf + 10);
++ strncpy(lname, buf + 10, MAXFACESNAME);
+ else if (!strncmp(buf, "Image:", 6)) {
+ if (sscanf(buf + 7, "%d%d%d", &iw, &ih, &id) != 3) {
+ fprintf(stderr, "%s: Bad Faces Project image\n", fullname); |
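Review bot: The two `strncpy` calls in the second faces.c hunk of patch-ab bound the copy but do not guarantee a terminating NUL: when the text after `FirstName:` or `LastName:` is MAXFACESNAME bytes or longer, `fname`/`lname` are left unterminated and any later string use reads past them. The declarations of `fname` and `lname` are outside the hunk, so it cannot be confirmed here that both are at least MAXFACESNAME bytes; tying the bound to the destination removes that dependency. If they are arrays, `snprintf(fname, sizeof fname, "%s", buf + 11);` and `snprintf(lname, sizeof lname, "%s", buf + 10);` would truncate and always terminate. Any later code that combines the two names into another buffer is not visible here and should be checked against the same limit.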