From 232f9b233dd1df4da74a2d291709ba7c7bdae0ca Mon Sep 17 00:00:00 2001 From: salo Date: Sun, 20 Mar 2005 21:34:17 +0000 Subject: Security fix for CAN-2004-1289. "Multiple buffer overflows in the getline function in pcalutil.c and the get_holiday function in readfile.c for pcal 4.7.1 allow remote attackers to execute arbitrary code via a crafted calendar file." Partial patch from Debian. Bump PKGREVISION. --- time/pcal/Makefile | 3 ++- time/pcal/distinfo | 4 +++- time/pcal/patches/patch-af | 13 +++++++++++++ time/pcal/patches/patch-ag | 15 +++++++++++++++ 4 files changed, 33 insertions(+), 2 deletions(-) create mode 100644 time/pcal/patches/patch-af create mode 100644 time/pcal/patches/patch-ag (limited to 'time') diff --git a/time/pcal/Makefile b/time/pcal/Makefile index 4e3d94f94e7..ca0b1efccdc 100644 --- a/time/pcal/Makefile +++ b/time/pcal/Makefile @@ -1,7 +1,8 @@ -# $NetBSD: Makefile,v 1.6 2004/12/03 15:15:11 wiz Exp $ +# $NetBSD: Makefile,v 1.7 2005/03/20 21:34:17 salo Exp $ # DISTNAME= pcal-4.7 +PKGREVISION= 1 CATEGORIES= time MASTER_SITES= http://membled.com/work/mirror/pcal/ EXTRACT_SUFX= .tar.bz2 diff --git a/time/pcal/distinfo b/time/pcal/distinfo index 65d6ff84320..96e96451448 100644 --- a/time/pcal/distinfo +++ b/time/pcal/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.4 2005/02/23 19:14:55 wiz Exp $ +$NetBSD: distinfo,v 1.5 2005/03/20 21:34:17 salo Exp $ SHA1 (pcal-4.7.tar.bz2) = 4604067da16b7674630eb4d8894406b885e85d89 RMD160 (pcal-4.7.tar.bz2) = d0b5380da2bbf94c5c5824f3355b583abba593bc @@ -8,3 +8,5 @@ SHA1 (patch-ab) = 95205a855ed29f45f68bdb940f88d33133348b97 SHA1 (patch-ac) = ab1eee4e3441268255d4bbc2d043db74d3eac2ae SHA1 (patch-ad) = ffd8b00dbb716df55be4a7e17f4637dad86bcd1f SHA1 (patch-ae) = 34ae04ae56d096b1b2294114428dc1f29af83701 +SHA1 (patch-af) = 59f064df3fa9441c22be91c1e6dd12c7ffef3a08 +SHA1 (patch-ag) = 34c442b33d47f51e4f6e82f966446a717ceb64a1 diff --git a/time/pcal/patches/patch-af b/time/pcal/patches/patch-af new file mode 100644 index 00000000000..1669ad8830e --- /dev/null +++ b/time/pcal/patches/patch-af @@ -0,0 +1,13 @@ +$NetBSD: patch-af,v 1.1 2005/03/20 21:34:17 salo Exp $ + +--- pcalutil.c.orig 2000-02-09 17:06:23.000000000 +0100 ++++ pcalutil.c 2005-03-20 22:26:14.000000000 +0100 +@@ -1111,6 +1111,8 @@ + else + ungetc(c2, fp); + } ++ /* Don't overflow the buffer */ ++ if ( (cp - tmpbuf) < (LINSIZ -1)) + *cp++ = c; + } + diff --git a/time/pcal/patches/patch-ag b/time/pcal/patches/patch-ag new file mode 100644 index 00000000000..6a7d343a4b1 --- /dev/null +++ b/time/pcal/patches/patch-ag @@ -0,0 +1,15 @@ +$NetBSD: patch-ag,v 1.1 2005/03/20 21:34:17 salo Exp $ + +--- readfile.c.orig 2000-02-09 17:06:23.000000000 +0100 ++++ readfile.c 2005-03-20 22:18:17.000000000 +0100 +@@ -1300,8 +1300,9 @@ + { + KWD_H *p; + char tmp[STRSIZ]; ++ memset(tmp,'\0',sizeof(tmp)); + +- strcpy(tmp, cp); /* make copy without any trailing '*' */ ++ strncpy(tmp, cp,sizeof(tmp)-1); /* make copy without any trailing '*' */ + if (LASTCHAR(tmp) == '*') + LASTCHAR(tmp) = '\0'; + -- cgit v1.2.3