authoritojun <itojun>2001-08-31 00:22:12 +0000
committeritojun <itojun>2001-08-31 00:22:12 +0000
commit605868442b2c8911fc5324781a292d1e220c62e1 (patch)
tree3947e27b3fd56149d6f734309e66e05d83fcfca4 /graphics/magicpoint
parent0e6153b46b563d3c733d76fc49fdaeb53d2e395d (diff)
downloadpkgsrc-605868442b2c8911fc5324781a292d1e220c62e1.tar.gz
plug buffer overrun hole inherited from xloadimage.
XXX package version number bump
Diffstat (limited to 'graphics/magicpoint')
-rw-r--r--graphics/magicpoint/distinfo3
-rw-r--r--graphics/magicpoint/patches/patch-ab35
2 files changed, 37 insertions, 1 deletions
diff --git a/graphics/magicpoint/distinfo b/graphics/magicpoint/distinfo
index 4e3c11cc29c..9741a49c04c 100644
--- a/graphics/magicpoint/distinfo
+++ b/graphics/magicpoint/distinfo
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.4 2001/07/31 05:27:30 jlam Exp $
+$NetBSD: distinfo,v 1.5 2001/08/31 00:22:12 itojun Exp $
SHA1 (magicpoint-1.08a.tar.gz) = 4b336fff82e0d2c7d4d36b7a914f5d374b6a9343
Size (magicpoint-1.08a.tar.gz) = 815048 bytes
SHA1 (patch-aa) = 739e9597b407f6e08ac25fd190bce05d37c116ff
+SHA1 (patch-ab) = e64f19da3f410f6b71053c9293c66d7290e9a4a2
diff --git a/graphics/magicpoint/patches/patch-ab b/graphics/magicpoint/patches/patch-ab
new file mode 100644
index 00000000000..6ab857be9c5
--- /dev/null
+++ b/graphics/magicpoint/patches/patch-ab
@@ -0,0 +1,35 @@
+$NetBSD: patch-ab,v 1.1 2001/08/31 00:22:12 itojun Exp $
+
+Plug security hole inherited from xloadimage.
+
+Index: image/faces.c
+===================================================================
+RCS file: /usr/cvsroot/mgp/kit/image/faces.c,v
+retrieving revision 1.4
+retrieving revision 1.5
+diff -u -r1.4 -r1.5
+--- faces.c 1998/12/28 08:22:58 1.4
++++ faces.c 2001/08/30 17:10:30 1.5
+@@ -18,6 +18,7 @@
+
+ #define HEXIGNORE -1
+ #define HEXBAD -2
++#define MAXFACESNAME 256 /* to avoid buffer overflow */
+
+ /* build a hex digit value table with the bits inverted
+ */
+@@ -107,10 +108,11 @@
+ while (zgets((byte *)buf, BUFSIZ - 1, zf)) {
+ if (! strcmp(buf, "\n"))
+ break;
+- if (!strncmp(buf, "FirstName:", 10))
+- strcpy(fname, buf + 11);
++ if (!strncmp(buf, "FirstName:", 10)){
++ strncpy(fname, buf + 11, MAXFACESNAME);
++ }
+ else if (!strncmp(buf, "LastName:", 9))
+- strcpy(lname, buf + 10);
++ strncpy(lname, buf + 10, MAXFACESNAME);
+ else if (!strncmp(buf, "Image:", 6)) {
+ if (sscanf(buf + 7, "%d%d%d", &iw, &ih, &id) != 3) {
+ fprintf(stderr, "%s: Bad Faces Project image\n", fullname);
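Review bot: The new `strncpy(fname, buf + 11, MAXFACESNAME)` and `strncpy(lname, buf + 10, MAXFACESNAME)` calls in the second faces.c hunk bound the copy but do not guarantee a terminating NUL. `buf` can hold up to `BUFSIZ - 1` bytes, so a name field of MAXFACESNAME bytes or more leaves the destination unterminated, and any later string use of it would read past the end. The declarations of `fname` and `lname` are outside the hunk, so it is not visible whether they are at least MAXFACESNAME bytes; that should be confirmed, since the bound only helps if it matches the destination size. Assuming they are, copy one byte less and terminate explicitly, e.g. `strncpy(fname, buf + 11, MAXFACESNAME - 1); fname[MAXFACESNAME - 1] = '\0';` and the same for `lname`, or use `snprintf(fname, sizeof fname, "%s", buf + 11);` if they are arrays. The enclosing function starts and ends outside the hunk.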