summaryrefslogtreecommitdiff
path: root/net/socks5
diff options
context:
space:
mode:
authorgrant <grant>2003-10-11 11:27:56 +0000
committergrant <grant>2003-10-11 11:27:56 +0000
commit8f2bf1b5cae8134e7264d5cb1b28ac3a98884b6b (patch)
treeb36fe176a8d4f30fdb5fa6aa1adfa8f3b4c686f9 /net/socks5
parentebe6c1d9e65c6a658e303902b20c49b300eb7d67 (diff)
downloadpkgsrc-8f2bf1b5cae8134e7264d5cb1b28ac3a98884b6b.tar.gz
add patch from http://online.securityfocus.com/archive/2/9842,
fixing remotely exploitable buffer overflow. bump PKGREVISION. addresses PR pkg/22687 from Wolfgang S. Rupprecht.
Diffstat (limited to 'net/socks5')
-rw-r--r--net/socks5/Makefile4
-rw-r--r--net/socks5/distinfo3
-rw-r--r--net/socks5/patches/patch-ac25
3 files changed, 29 insertions, 3 deletions
diff --git a/net/socks5/Makefile b/net/socks5/Makefile
index 9284db4d79d..56e470c413e 100644
--- a/net/socks5/Makefile
+++ b/net/socks5/Makefile
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.27 2003/10/11 11:16:20 grant Exp $
+# $NetBSD: Makefile,v 1.28 2003/10/11 11:27:56 grant Exp $
# FreeBSD Id: Makefile,v 1.14 1997/08/28 06:49:06 obrien Exp
#
@@ -6,7 +6,7 @@ DISTNAME= socks5-v1_0r2
PKGNAME= socks5-1.0.2
WRKSRC= ${WRKDIR}/socks5-v1.0r2
CATEGORIES= net security
-PKGREVISION= 1
+PKGREVISION= 2
MASTER_SITES= # empty -- manual fetch needed
EXTRACT_SUFX= _tar.gz
diff --git a/net/socks5/distinfo b/net/socks5/distinfo
index 7905c592c98..b9cf66b16c7 100644
--- a/net/socks5/distinfo
+++ b/net/socks5/distinfo
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.2 2001/04/21 11:23:34 wiz Exp $
+$NetBSD: distinfo,v 1.3 2003/10/11 11:27:56 grant Exp $
SHA1 (socks5-v1_0r2_tar.gz) = 57c6e3a17381ce48bed008a86442385dbc2d11de
Size (socks5-v1_0r2_tar.gz) = 390331 bytes
SHA1 (patch-aa) = 5960986bf8aa8e8abf96df90b4b9c1940b1adb98
SHA1 (patch-ab) = 85e70c3a81ee5dc44af24f48fe4d3869c0985854
+SHA1 (patch-ac) = 296da7096e6c6984714f5aa88e3caab7cd11e309
diff --git a/net/socks5/patches/patch-ac b/net/socks5/patches/patch-ac
new file mode 100644
index 00000000000..58d00ef7f0d
--- /dev/null
+++ b/net/socks5/patches/patch-ac
@@ -0,0 +1,25 @@
+$NetBSD: patch-ac,v 1.1 2003/10/11 11:27:56 grant Exp $
+
+--- lib/log.c.orig 1997-06-19 02:32:05.000000000 +1000
++++ lib/log.c
+@@ -77,7 +77,8 @@ static void replacePercentM(const char *
+ }
+
+ void S5LogvUpdate(const void *handle, int level, int msgID, const char *oformat, va_list pvar) {
+- char fmt_cpy[2*1024 + 2*10], format[2*1024 + 2*10];
++#define FMT_BUFLEN (2*1024 + 2*10)
++ char fmt_cpy[FMT_BUFLEN], format[FMT_BUFLEN];
+ S5LogHandle *h = (S5LogHandle *)handle;
+ int serrno = GETERRNO();
+ static int dontLoop = 0;
+@@ -112,7 +113,9 @@ void S5LogvUpdate(const void *handle, in
+ strcat(format, " ");
+
+ replacePercentM(oformat, format + strlen(format), sizeof(format) - strlen(format));
+- vsprintf(fmt_cpy, format, pvar);
++ if(vsnprintf(fmt_cpy, FMT_BUFLEN-1,format, pvar)==-1) {
++ fmt_cpy[FMT_BUFLEN-1]='\0';
++ }
+
+ /* Log to the Local log facility, e.g. Stderr on Unix and maybe a window */
+ /* or something on NT. Neither system can deal with a NULL format so */