From 1482a0f8016cf20f8d544ccdb37a58e0e64deadd Mon Sep 17 00:00:00 2001 From: itojun Date: Sun, 24 Jun 2001 05:57:23 +0000 Subject: plug buffer overrun vulnerability in mime charset parsing. from bugtraq. --- www/w3m/Makefile | 4 ++-- www/w3m/distinfo | 3 ++- www/w3m/patches/patch-ag | 41 +++++++++++++++++++++++++++++++++++++++++ 3 files changed, 45 insertions(+), 3 deletions(-) create mode 100644 www/w3m/patches/patch-ag (limited to 'www/w3m') diff --git a/www/w3m/Makefile b/www/w3m/Makefile index a4c0ffc31bf..45392a16106 100644 --- a/www/w3m/Makefile +++ b/www/w3m/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.25 2001/05/19 03:56:41 jlam Exp $ +# $NetBSD: Makefile,v 1.26 2001/06/24 05:57:23 itojun Exp $ # DISTNAME= w3m-0.2.1 -PKGNAME= w3m-0.2.1.0.19 +PKGNAME= w3m-0.2.1.0.19nb1 CATEGORIES= www MASTER_SITES= ftp://ei5nazha.yz.yamagata-u.ac.jp/w3m/ diff --git a/www/w3m/distinfo b/www/w3m/distinfo index 0402957b4ad..02605cee2d0 100644 --- a/www/w3m/distinfo +++ b/www/w3m/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.2 2001/05/01 00:31:25 kei Exp $ +$NetBSD: distinfo,v 1.3 2001/06/24 05:57:23 itojun Exp $ SHA1 (w3m-0.2.1.tar.gz) = 3ae98283f02f4faf05af76ee0b022f01c1301d29 Size (w3m-0.2.1.tar.gz) = 844101 bytes @@ -7,3 +7,4 @@ Size (w3m-0.2.1-m17n-0.19.patch.gz) = 1245263 bytes SHA1 (patch-aa) = 9c8e45448aedb1959d155eef355fe5d37599e11c SHA1 (patch-ab) = 08a28e40907f8c3040b1e9253caf14b8b4f0dc7e SHA1 (patch-af) = f43380334a92c609afef4058b03f1ef72ae77e2e +SHA1 (patch-ag) = e394cac02a053c8deb5cb6c2d946c9ae8edc891d diff --git a/www/w3m/patches/patch-ag b/www/w3m/patches/patch-ag new file mode 100644 index 00000000000..28dd41800de --- /dev/null +++ b/www/w3m/patches/patch-ag @@ -0,0 +1,41 @@ +$NetBSD: patch-ag,v 1.1 2001/06/24 05:57:24 itojun Exp $ + +plug buffer overrun vulnerability in mime charset parsing +http://mi.med.tohoku.ac.jp/~satodai/w3m-dev-en/200106.month/537.html + +--- mimehead.c Sun Jun 24 14:49:45 2001 ++++ mimehead.c Sun Jun 24 14:46:53 2001 +@@ -173,27 +173,26 @@ + decodeWord(char **ow) + { + #endif +- char buf[32]; + char *p, *w = *ow; + char method; + Str a = Strnew(); ++ Str cs = Strnew(); + + if (*w != '=' || *(w + 1) != '?') + goto convert_fail; + w += 2; +- for (p = buf; p - buf < 31 && *w != '?'; w++) { ++ for (; *w != '?'; w++) { + if (*w == '\0') + goto convert_fail; +- *(p++) = *w; ++ Strcat_char(cs, *w); + } +- *p = '\0'; + #ifdef USE_M17N +- c = wc_guess_charset(buf, 0); ++ c = wc_guess_charset(cs->ptr, 0); + if (! c) + goto convert_fail; + #else +- if (strcasecmp(buf, "ISO-8859-1") != 0 && +- strcasecmp(buf, "US_ASCII") != 0) ++ if (Strcasecmp_charp(cs, "ISO-8859-1") != 0 && ++ Strcasecmp_charp(cs, "US_ASCII") != 0) + /* NOT ISO-8859-1 encoding ... don't convert */ + goto convert_fail; + #endif -- cgit v1.2.3