From 3911ba8ab808c3ba7b54666ee4d4ba5cbf15a6e5 Mon Sep 17 00:00:00 2001
From: rillig
Date: Sun, 3 May 2020 14:38:36 +0000
Subject: net/IglooFTP: fix potential endless loop for long passwords
---
 net/IglooFTP/Makefile | 4 ++--
 net/IglooFTP/distinfo | 3 ++-
 net/IglooFTP/patches/patch-src_console_c | 21 +++++++++++++++++++++
 3 files changed, 25 insertions(+), 3 deletions(-)
 create mode 100644 net/IglooFTP/patches/patch-src_console_c
(limited to 'net/IglooFTP')
diff --git a/net/IglooFTP/Makefile b/net/IglooFTP/Makefile
index cdcc0c8b0f6..49a4519a6a9 100644
--- a/net/IglooFTP/Makefile
+++ b/net/IglooFTP/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.20 2017/08/16 20:45:41 wiz Exp $
+# $NetBSD: Makefile,v 1.21 2020/05/03 14:38:36 rillig Exp $
 
 DISTNAME= IglooFTP-0.6.1
-PKGREVISION= 6
+PKGREVISION= 7
 CATEGORIES= net
 MASTER_SITES= ${MASTER_SITE_SUNSITE:=system/network/file-transfer/}
 EXTRACT_SUFX= .src.tar.gz
diff --git a/net/IglooFTP/distinfo b/net/IglooFTP/distinfo
index 98019ca7522..5896f4d07da 100644
--- a/net/IglooFTP/distinfo
+++ b/net/IglooFTP/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.12 2015/11/04 00:34:51 agc Exp $
+$NetBSD: distinfo,v 1.13 2020/05/03 14:38:36 rillig Exp $
 
 SHA1 (IglooFTP-0.6.1.src.tar.gz) = ab56bc6c15dc81525b8e987ae5fc15e562f92eed
 RMD160 (IglooFTP-0.6.1.src.tar.gz) = 7f0971ec857542d96a09dffc9db8a3544df38fae
@@ -11,3 +11,4 @@ SHA1 (patch-ad) = 9e2fbcc3ece0782d32b8bf661dd81e513822852e
 SHA1 (patch-ae) = 84cd31095b3b4772e27f7bc56daeaf77834680b6
 SHA1 (patch-af) = 916f5d0c841bc706329f64ffd13b1ca820058ba4
 SHA1 (patch-ag) = 96dfa4a0faefc3970f886947e8863ff00dd9f148
+SHA1 (patch-src_console_c) = d1692d9509c237a36b29f616dfe4141331c4f6a5
diff --git a/net/IglooFTP/patches/patch-src_console_c b/net/IglooFTP/patches/patch-src_console_c
new file mode 100644
index 00000000000..593cdedd299
--- /dev/null
+++ b/net/IglooFTP/patches/patch-src_console_c
@@ -0,0 +1,21 @@
+$NetBSD: patch-src_console_c,v 1.1 2020/05/03 14:38:36 rillig Exp $
+
+Not sure whether this could lead to an endless loop when someone enters a
+long password. Anyway, using a signed character as array index is wrong.
+
+Found by GCC's -Werror=char-subscripts.
+
+Not reported upstream because this package doesn't even have a homepage
+anymore.
+
+--- src/console.c.orig 1999-04-15 16:05:13.000000000 +0000
++++ src/console.c
+@@ -177,7 +177,7 @@ local_message (char *this_message)
+
+ if (strstr (this_message, "PASS"))
+ {
+- register char f;
++ size_t f;
+ for (f = 5; f < strlen (this_message); f++)
+ this_message[f] = 'x';
+ }
-- cgit v1.2.3
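Review bot: The guard around the changed loop, `if (strstr (this_message, "PASS"))`, matches "PASS" anywhere in the message, but the overwrite always starts at offset 5, so the two agree only when the message begins with `PASS `. Anchoring the test, `if (strncmp (this_message, "PASS ", 5) == 0)`, would tie the offset to the match and keep unrelated messages that merely contain the word from being overwritten. The loop still writes one `x` per character, so the displayed message presumably reveals the password length; a fixed-width mask would avoid that. The patch comment could replace "Not sure" with the likely behaviour of the old `char` counter: where `char` is signed the masking presumably stopped after index 127 and left the tail of a long password visible, and where it is unsigned the counter could wrap and never reach the length. The rest of `local_message` is outside the hunk, so how the buffer is used after masking cannot be checked here.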