summaryrefslogtreecommitdiff
path: root/net/inetutils
diff options
context:
space:
mode:
authormaya <maya@pkgsrc.org>2018-12-13 05:34:38 +0000
committermaya <maya@pkgsrc.org>2018-12-13 05:34:38 +0000
commitb0971fab49182a8ecdf39ddf90251abb281a1c3d (patch)
tree6cff726eb50b1b212c09d21247477185d93be839 /net/inetutils
parent455856dfd3f9ec65e0867e6144103c4fc9937763 (diff)
downloadpkgsrc-b0971fab49182a8ecdf39ddf90251abb281a1c3d.tar.gz
inetutils: avoid buffer overflow, infinite loop. bump PKGREVISION.
Diffstat (limited to 'net/inetutils')
-rw-r--r--net/inetutils/Makefile4
-rw-r--r--net/inetutils/distinfo4
-rw-r--r--net/inetutils/patches/patch-telnet_telnet.c33
-rw-r--r--net/inetutils/patches/patch-telnet_utilities.c14
4 files changed, 52 insertions, 3 deletions
diff --git a/net/inetutils/Makefile b/net/inetutils/Makefile
index 260327c8c93..73a91e196a9 100644
--- a/net/inetutils/Makefile
+++ b/net/inetutils/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.3 2017/09/08 09:45:12 adam Exp $
+# $NetBSD: Makefile,v 1.4 2018/12/13 05:34:38 maya Exp $
DISTNAME= inetutils-1.9.4
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= net
MASTER_SITES= ${MASTER_SITE_GNU:=inetutils/}
EXTRACT_SUFX= .tar.xz
diff --git a/net/inetutils/distinfo b/net/inetutils/distinfo
index 787e7ab16a4..c4bc81cdc31 100644
--- a/net/inetutils/distinfo
+++ b/net/inetutils/distinfo
@@ -1,6 +1,8 @@
-$NetBSD: distinfo,v 1.1 2017/07/07 04:03:06 adam Exp $
+$NetBSD: distinfo,v 1.2 2018/12/13 05:34:38 maya Exp $
SHA1 (inetutils-1.9.4.tar.xz) = 5e515cc9da142cb73bb1beda137b4c2dcf2b528c
RMD160 (inetutils-1.9.4.tar.xz) = 0c144d9ac0b5c07beca1e634fc5b2c5bae15917d
SHA512 (inetutils-1.9.4.tar.xz) = 020d1cab6659da63b26445b29820ad6769b8cf992496bece3dcbfba73804e29cc5c496d59f36046d432f9cc7fadefa3170f6d8faa855e59435aff4ecef724e66
Size (inetutils-1.9.4.tar.xz) = 1364408 bytes
+SHA1 (patch-telnet_telnet.c) = a3fe07b5d00bae8d9a9f69d0c2996d88e84c8cd9
+SHA1 (patch-telnet_utilities.c) = ddd301b000d73eff9da8ded700ee374aa0798c12
diff --git a/net/inetutils/patches/patch-telnet_telnet.c b/net/inetutils/patches/patch-telnet_telnet.c
new file mode 100644
index 00000000000..1e02b5a1bdd
--- /dev/null
+++ b/net/inetutils/patches/patch-telnet_telnet.c
@@ -0,0 +1,33 @@
+$NetBSD: patch-telnet_telnet.c,v 1.1 2018/12/13 05:34:38 maya Exp $
+
+Avoid easy buffer overflow.
+
+--- telnet/telnet.c.orig 2015-03-31 15:40:50.000000000 +0000
++++ telnet/telnet.c
+@@ -861,7 +861,7 @@ suboption (void)
+ len = strlen (name) + 4 + 2;
+ if (len < NETROOM ())
+ {
+- sprintf ((char *) temp, "%c%c%c%c%s%c%c", IAC, SB, TELOPT_TTYPE,
++ snprintf ((char *) temp, sizeof(temp), "%c%c%c%c%s%c%c", IAC, SB, TELOPT_TTYPE,
+ TELQUAL_IS, name, IAC, SE);
+ ring_supply_data (&netoring, temp, len);
+ printsub ('>', &temp[2], len - 2);
+@@ -885,7 +885,7 @@ suboption (void)
+
+ TerminalSpeeds (&ispeed, &ospeed);
+
+- sprintf ((char *) temp, "%c%c%c%c%d,%d%c%c", IAC, SB, TELOPT_TSPEED,
++ snprintf ((char *) temp, sizeof(temp), "%c%c%c%c%d,%d%c%c", IAC, SB, TELOPT_TSPEED,
+ TELQUAL_IS, (int) ospeed, (int) ispeed, IAC, SE);
+ len = strlen ((char *) temp + 4) + 4; /* temp[3] is 0 ... */
+
+@@ -999,7 +999,7 @@ suboption (void)
+ send_wont (TELOPT_XDISPLOC, 1);
+ break;
+ }
+- sprintf ((char *) temp, "%c%c%c%c%s%c%c", IAC, SB, TELOPT_XDISPLOC,
++ snprintf ((char *) temp, sizeof(temp), "%c%c%c%c%s%c%c", IAC, SB, TELOPT_XDISPLOC,
+ TELQUAL_IS, dp, IAC, SE);
+ len = strlen ((char *) temp + 4) + 4; /* temp[3] is 0 ... */
+
diff --git a/net/inetutils/patches/patch-telnet_utilities.c b/net/inetutils/patches/patch-telnet_utilities.c
new file mode 100644
index 00000000000..8637c5e9fc5
--- /dev/null
+++ b/net/inetutils/patches/patch-telnet_utilities.c
@@ -0,0 +1,14 @@
+$NetBSD: patch-telnet_utilities.c,v 1.1 2018/12/13 05:34:38 maya Exp $
+
+Avoid infinite loop. This is an error exit.
+
+--- telnet/utilities.c.orig 2015-03-31 15:40:50.000000000 +0000
++++ telnet/utilities.c
+@@ -1062,7 +1062,6 @@ Exit (int returnCode)
+ void
+ ExitString (char *string, int returnCode)
+ {
+- SetForExit ();
+ fwrite (string, 1, strlen (string), stderr);
+ exit (returnCode);
+ }