diff options
Diffstat (limited to 'security/tripwire/patches/patch-ae')
-rw-r--r-- | security/tripwire/patches/patch-ae | 53 |
1 files changed, 47 insertions, 6 deletions
diff --git a/security/tripwire/patches/patch-ae b/security/tripwire/patches/patch-ae index c11b40d78fb..ba504f89e5e 100644 --- a/security/tripwire/patches/patch-ae +++ b/security/tripwire/patches/patch-ae @@ -1,7 +1,10 @@ -$NetBSD: patch-ae,v 1.2 2005/12/05 20:50:58 rillig Exp $ +$NetBSD ---- src/config.parse.c.orig 1994-07-20 18:03:26.000000000 -0700 -+++ src/config.parse.c +strcpy used on overlapping strings. Place in a string to avoid this. +Fixes package on Darwin. + +--- src/config.parse.c.orig 1994-07-21 02:03:26.000000000 +0100 ++++ src/config.parse.c 2021-02-09 14:24:32.000000000 +0000 @@ -55,7 +55,6 @@ #endif @@ -10,7 +13,15 @@ $NetBSD: patch-ae,v 1.2 2005/12/05 20:50:58 rillig Exp $ static void configfile_descend(); #ifndef L_tmpnam -@@ -90,6 +89,7 @@ configfile_read(pp_list, pp_entry_list) +@@ -83,6 +82,7 @@ + { + FILE *fpin, *fpout = (FILE *) NULL; + char filename[MAXPATHLEN+512]; ++ char cpfilename[MAXPATHLEN+512]; + char ignorestring[1024]; + char s[MAXPATHLEN+1024]; + char configfile[MAXPATHLEN+512]; +@@ -90,6 +90,7 @@ char number[128]; int entrynum = 0; int err; @@ -18,7 +29,7 @@ $NetBSD: patch-ae,v 1.2 2005/12/05 20:50:58 rillig Exp $ /* to make code semi-reentrant */ list_reset(&prune_list); -@@ -105,8 +105,9 @@ configfile_read(pp_list, pp_entry_list) +@@ -105,8 +106,9 @@ }; (void) strcpy(tmpfilename, TEMPFILE_TEMPLATE); @@ -30,7 +41,7 @@ $NetBSD: patch-ae,v 1.2 2005/12/05 20:50:58 rillig Exp $ exit(1); } -@@ -149,7 +150,7 @@ configfile_read(pp_list, pp_entry_list) +@@ -149,7 +151,7 @@ err = umask(077); /* to protect the tempfile */ @@ -39,3 +50,33 @@ $NetBSD: patch-ae,v 1.2 2005/12/05 20:50:58 rillig Exp $ sprintf(s, "tripwire: Couldn't open config file '%s'", configfile); perror(s); exit(1); +@@ -221,11 +223,17 @@ + switch (*filename) { + case '!': + prune_mode = PRUNE_ALL; +- (void) strcpy(filename, filename+1); /* adjust name */ ++ /* overlapping strings - undefined behaviour, at least ++ * on Darwin ++ * (void) strcpy(filename, filename+1); ++ */ ++ (void) strcpy(cpfilename, filename+1); /* adjust name */ ++ (void) strcpy(filename, cpfilename); /* adjust name */ + break; + case '=': + prune_mode = PRUNE_ONE; +- (void) strcpy(filename, filename+1); /* adjust name */ ++ (void) strcpy(cpfilename, filename+1); /* adjust name */ ++ (void) strcpy(filename, cpfilename); /* adjust name */ + break; + default: + continue; /* nothing */ +@@ -295,7 +303,8 @@ + + /* check for leading '=', prune after one recursion */ + else if (*filename == '=') { +- (void) strcpy(filename, filename+1); ++ (void) strcpy(cpfilename, filename+1); /* adjust name */ ++ (void) strcpy(filename, cpfilename); /* adjust name */ + prunedir++; + } + |