From 918a9ca4c96aeb3628277bb9e79444146265d99b Mon Sep 17 00:00:00 2001
From: fredb
Date: Sat, 23 Mar 2002 22:48:09 +0000
Subject: Fix sprintf() overflow for long urls: sprintf() -> snprintf().
---
 www/wwwoffle/distinfo | 3 ++-
 www/wwwoffle/patches/patch-ab | 14 ++++++++++++++
 2 files changed, 16 insertions(+), 1 deletion(-)
 create mode 100644 www/wwwoffle/patches/patch-ab
diff --git a/www/wwwoffle/distinfo b/www/wwwoffle/distinfo
index 1be0cd7fff4..f05d238f74f 100644
--- a/www/wwwoffle/distinfo
+++ b/www/wwwoffle/distinfo
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.7 2002/03/10 22:14:30 fredb Exp $
+$NetBSD: distinfo,v 1.8 2002/03/23 22:48:09 fredb Exp $
 SHA1 (wwwoffle-2.7.tgz) = d898f6b15a34e55ddc49161278726a55b01ec377
 Size (wwwoffle-2.7.tgz) = 832728 bytes
 SHA1 (patch-aa) = 580868aed26f02378db32303f8a16fb178ca92dd
+SHA1 (patch-ab) = 30f40b7e4726692e7c2a75e5ee85a5f047911e36
diff --git a/www/wwwoffle/patches/patch-ab b/www/wwwoffle/patches/patch-ab
new file mode 100644
index 00000000000..3a47da1c63c
--- /dev/null
+++ b/www/wwwoffle/patches/patch-ab
@@ -0,0 +1,14 @@
+$NetBSD: patch-ab,v 1.5 2002/03/23 22:48:09 fredb Exp $
+
+--- src/parse.c.orig Sun Jan 20 04:54:12 2002
++++ src/parse.c
+@@ -208,7 +208,8 @@
+ else
+ strcat(url,"?");
+
+- sprintf(url+strlen(url),"!%s:%s.%08lx",(*request_head)->method,MakeHash((*request_body)->content),time(NULL));
++ if (snprintf(url+strlen(url),40,"!%s:%s.%08lx",(*request_head)->method,MakeHash((*request_body)->content),time(NULL)) >= 40)
++ {free(url);return(NULL);}
+ }
+
+ return(url);
-- cgit v1.2.3
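Review bot: The limit `40` in the added `snprintf()` call (patch-ab, src/parse.c) is a fixed number rather than the space actually left in `url`, so the write is correctly bounded only if the allocation, which is outside this hunk, reserves at least 40 bytes beyond `strlen(url)`; the `strcat(url,"?")` in the context line just above depends on the same unseen sizing. I would carry the allocated size down to this point, pass the remainder as the limit, and also reject a negative return, e.g. `n = snprintf(url+len, avail, ...); if (n < 0 || (size_t)n >= avail) {free(url);return(NULL);}`, where `len`, `avail` and `n` are names constructed for this note. `time(NULL)` is a `time_t` printed with `%08lx`, so a cast `(unsigned long)time(NULL)` keeps the format and argument types matched on platforms where `time_t` is not `long`. The new `return(NULL)` path presumably requires callers to handle a NULL URL, which should be confirmed because the function begins and ends outside the hunk.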