authorfredb <fredb>2004-05-10 01:15:14 +0000
committerfredb <fredb>2004-05-10 01:15:14 +0000
commit37224842407334904158dacac4b106dd166c1166 (patch)
tree42e75f50f077c5112d02c38648a833ab8f4f163a /graphics/png/patches
parent9c3ac20f0132348e3d9caafba2f2bcf3770cc179 (diff)
downloadpkgsrc-37224842407334904158dacac4b106dd166c1166.tar.gz
Don't read past the end of the error message string. This patch was
posted to png-implement by Glenn Randers-Pehrson, libpng's maintainer. This error was widely reported as a "security issue" (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0421), even though there is no security issue. The most the error could do is cause a SIGSEGV, and that only under some fairly uncommon circumstances. The patch posted with the advisory is in fact flawed, in that it calls strlen() on presumably arbitrary data. Bump PKGREVISION.
Diffstat (limited to 'graphics/png/patches')
-rw-r--r--graphics/png/patches/patch-ae20
-rw-r--r--graphics/png/patches/patch-af13
2 files changed, 31 insertions, 2 deletions
diff --git a/graphics/png/patches/patch-ae b/graphics/png/patches/patch-ae
index 7d38db86b7f..50b107fb3b6 100644
--- a/graphics/png/patches/patch-ae
+++ b/graphics/png/patches/patch-ae
@@ -1,6 +1,6 @@
-$NetBSD: patch-ae,v 1.1 2004/03/30 11:09:15 wiz Exp $
+$NetBSD: patch-ae,v 1.2 2004/05/10 01:15:14 fredb Exp $
---- pngconf.h.orig Thu Oct 3 13:32:27 2002
+--- pngconf.h.orig 2002-10-03 06:32:27.000000000 -0500
+++ pngconf.h
@@ -252,8 +252,8 @@
# undef _BSD_SOURCE
@@ -13,3 +13,19 @@ $NetBSD: patch-ae,v 1.1 2004/03/30 11:09:15 wiz Exp $
# endif
# endif /* __linux__ */
+@@ -1280,6 +1280,7 @@
+ # define CVT_PTR(ptr) (png_far_to_near(png_ptr,ptr,CHECK))
+ # define CVT_PTR_NOCHECK(ptr) (png_far_to_near(png_ptr,ptr,NOCHECK))
+ # define png_strcpy _fstrcpy
++# define png_strncpy _fstrncpy /* Added to v 1.2.6 */
+ # define png_strlen _fstrlen
+ # define png_memcmp _fmemcmp /* SJT: added */
+ # define png_memcpy _fmemcpy
+@@ -1288,6 +1289,7 @@
+ # define CVT_PTR(ptr) (ptr)
+ # define CVT_PTR_NOCHECK(ptr) (ptr)
+ # define png_strcpy strcpy
++# define png_strncpy strncpy /* Added to v 1.2.6 */
+ # define png_strlen strlen
+ # define png_memcmp memcmp /* SJT: added */
+ # define png_memcpy memcpy
diff --git a/graphics/png/patches/patch-af b/graphics/png/patches/patch-af
new file mode 100644
index 00000000000..9c35717cacc
--- /dev/null
+++ b/graphics/png/patches/patch-af
@@ -0,0 +1,13 @@
+$NetBSD: patch-af,v 1.1 2004/05/10 01:15:14 fredb Exp $
+
+--- pngerror.c.orig 2002-10-03 06:32:27.000000000 -0500
++++ pngerror.c
+@@ -137,7 +137,7 @@ png_format_buffer(png_structp png_ptr, p
+ {
+ buffer[iout++] = ':';
+ buffer[iout++] = ' ';
+- png_memcpy(buffer+iout, error_message, 64);
++ png_strncpy(buffer+iout, error_message, 63);
+ buffer[iout+63] = 0;
+ }
+ }
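Review bot: The new copy in png_format_buffer still writes a fixed 64 bytes at `buffer+iout`, and nothing in the hunk ties the literals `63` and `iout+63` to the size of the caller's buffer. `png_strncpy` stops reading at the NUL in `error_message`, which removes the over-read, but it zero-pads the destination up to 63 bytes and the next line stores the terminator at offset 63. I would record that contract next to the call, e.g. `/* strncpy stops at the NUL and zero-pads; buffer must hold iout + 64 bytes */`. The function body starts outside the hunk, so the buffer's declared size and any NULL check on `error_message` are not visible here and should be confirmed against the callers.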