Fix local buffer overflow (with patch from mercurial repository).

Bump PKGREVISION to 2.

3 files changed, 19 insertions, 3 deletions

diff --git a/net/cftp/Makefile b/net/cftp/Makefile
index ea64838e531..1e29c2969fc 100644
--- a/net/cftp/Makefile
+++ b/net/cftp/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.15 2008/03/11 16:22:32 jlam Exp $
+# $NetBSD: Makefile,v 1.16 2008/04/13 12:20:18 dillo Exp $
 #
 
 DISTNAME=	cftp-0.12
-PKGREVISION=	1
+PKGREVISION=	2
 CATEGORIES=	net
 MASTER_SITES=	http://ftp.giga.or.at/pub/nih/cftp/ \
 		ftp://ftp.giga.or.at/pub/nih/cftp/
diff --git a/net/cftp/distinfo b/net/cftp/distinfo
index 18d0a6285a7..ec22ab31a3f 100644
--- a/net/cftp/distinfo
+++ b/net/cftp/distinfo
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.7 2005/11/08 15:40:28 tv Exp $
+$NetBSD: distinfo,v 1.8 2008/04/13 12:20:18 dillo Exp $
 
 SHA1 (cftp-0.12.tar.gz) = ba583541be4bce2125849a677054d290140d0880
 RMD160 (cftp-0.12.tar.gz) = 9dfd1d3a03efd5d724bc0ed4c0dafbe19c47670d
 Size (cftp-0.12.tar.gz) = 182043 bytes
 SHA1 (patch-aa) = 7d691241fa45821a0e5aa56337ebccc6df21567a
+SHA1 (patch-ab) = 94841bf054059292552ed4c45e73b4c5a9624716
diff --git a/net/cftp/patches/patch-ab b/net/cftp/patches/patch-ab
new file mode 100644
index 00000000000..b8d1e7e39b3
--- /dev/null
+++ b/net/cftp/patches/patch-ab
@@ -0,0 +1,15 @@
+$NetBSD: patch-ab,v 1.1 2008/04/13 12:20:18 dillo Exp $
+
+Fix for local buffer overflow, from cftp mercurial repository (r574).
+
+--- readrc.c	Wed Jul 04 18:18:41 2007 +0200
++++ readrc.c	Sun Apr 13 14:10:51 2008 +0200
+@@ -57,7 +55,7 @@ readrc(char **userp, char **passp, char 
+     char b[8192], *p, *tok, *q, *home;
+     char *user, *pass, *host, *port, *wdir;
+ 
+-    if ((home=getenv("HOME")) == NULL)
++    if ((home=getenv("HOME")) == NULL || strlen(home) > sizeof(b)-9)
+ 	home = "";
+     sprintf(b, "%s/.cftprc", home);
+