1 files changed, 41 insertions, 0 deletions

diff --git a/www/w3m/patches/patch-ag b/www/w3m/patches/patch-ag
new file mode 100644
index 00000000000..28dd41800de
--- /dev/null
+++ b/www/w3m/patches/patch-ag
@@ -0,0 +1,41 @@
+$NetBSD: patch-ag,v 1.1 2001/06/24 05:57:24 itojun Exp $
+
+plug buffer overrun vulnerability in mime charset parsing
+http://mi.med.tohoku.ac.jp/~satodai/w3m-dev-en/200106.month/537.html
+
+--- mimehead.c	Sun Jun 24 14:49:45 2001
++++ mimehead.c	Sun Jun 24 14:46:53 2001
+@@ -173,27 +173,26 @@
+ decodeWord(char **ow)
+ {
+ #endif
+-    char buf[32];
+     char *p, *w = *ow;
+     char method;
+     Str a = Strnew();
++    Str cs = Strnew();
+ 
+     if (*w != '=' || *(w + 1) != '?')
+ 	goto convert_fail;
+     w += 2;
+-    for (p = buf; p - buf < 31 && *w != '?'; w++) {
++    for (; *w != '?'; w++) {
+ 	if (*w == '\0')
+ 	    goto convert_fail;
+-	*(p++) = *w;
++	Strcat_char(cs, *w);
+     }
+-    *p = '\0';
+ #ifdef USE_M17N
+-    c = wc_guess_charset(buf, 0);
++    c = wc_guess_charset(cs->ptr, 0);
+     if (! c)
+ 	goto convert_fail;
+ #else
+-    if (strcasecmp(buf, "ISO-8859-1") != 0 &&
+-	strcasecmp(buf, "US_ASCII") != 0)
++    if (Strcasecmp_charp(cs, "ISO-8859-1") != 0 &&
++        Strcasecmp_charp(cs, "US_ASCII") != 0)
+ 	/* NOT ISO-8859-1 encoding ... don't convert */
+ 	goto convert_fail;
+ #endif