path: root/devel/cvsps/patches/patch-ag
$NetBSD: patch-ag,v 1.2 2016/07/25 05:10:03 christos Exp $

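Keep reading the "version" reply while its lines start with "M ".
Avoid a buffer overflow in read_line() by truncating over-long lines to the buffer size.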

--- cvs_direct.c.orig	2005-05-25 23:39:40.000000000 -0400
+++ cvs_direct.c	2016-07-25 01:06:39.000000000 -0400
@@ -45,7 +45,7 @@
 static void send_string(CvsServerCtx *, const char *, ...);
 static int read_response(CvsServerCtx *, const char *);
 static void ctx_to_fp(CvsServerCtx * ctx, FILE * fp);
-static int read_line(CvsServerCtx * ctx, char * p);
+static int read_line(CvsServerCtx * ctx, char * p, size_t);
 
 static CvsServerCtx * open_ctx_pserver(CvsServerCtx *, const char *);
 static CvsServerCtx * open_ctx_forked(CvsServerCtx *, const char *);
@@ -131,7 +131,7 @@
 	send_string(ctx, "valid-requests\n");
 
 	/* check for the commands we will issue */
-	read_line(ctx, buff);
+	read_line(ctx, buff, sizeof(buff));
 	if (strncmp(buff, "Valid-requests", 14) != 0)
 	{
 	    debug(DEBUG_APPERROR, "cvs_direct: bad response to valid-requests command");
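Review bot: The result of read_line() is still discarded at this call, so after a failed read `buff` goes to strncmp() holding whatever it held before. The call that fills `resp` (hunk at -689) already treats a negative return as failure, and the same test fits here, e.g. `if (read_line(ctx, buff, sizeof(buff)) < 0)` routed to the existing bad-response path. The same applies to the unchecked calls before the `ok` trailer check, in the `ctx_to_fp` loop and in the version exchange, where `memcmp(..., "M ", 2)` also reads two bytes even when the line read is empty. `sizeof(buff)` is the buffer size only if `buff` is an array declared in this function; the declaration is outside the hunk and worth confirming.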
@@ -150,7 +150,7 @@
 	    return NULL;
 	}
 	
-	read_line(ctx, buff);
+	read_line(ctx, buff, sizeof(buff));
 	if (strcmp(buff, "ok") != 0)
 	{
 	    debug(DEBUG_APPERROR, "cvs_direct: bad ok trailer to valid-requests command");
@@ -661,7 +661,7 @@
     return len;
 }
 
-static int read_line(CvsServerCtx * ctx, char * p)
+static int read_line(CvsServerCtx * ctx, char * p, size_t size)
 {
     int len = 0;
     while (1)
@@ -672,7 +672,7 @@
 
 	*p = *ctx->head++;
 
-	if (*p == '\n')
+	if (*p == '\n' || len >= size - 1)
 	{
 	    *p = 0;
 	    break;
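Review bot: Truncating at `len >= size - 1` ends the line early but leaves the rest of the over-long line in the stream, so the next read_line() call returns that remainder as if it were a separate protocol line. The byte read at the cut is also overwritten by the terminator and lost. Since this data comes from the server, callers that match on `ok` or `M ` would then be parsing a fragment rather than a real response line; after truncating, the function should keep consuming input up to the newline, or report an error. The test also compares `int len` with `size_t size`, and `size - 1` wraps when `size` is 0, so a guard such as `if (size == 0) return -1;` and a `size_t` counter would make the bound hold in every case. The rest of the loop (refill and, presumably, the pointer and length increments) lies outside the hunk, so any drain logic has to be fitted to it.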
@@ -689,7 +689,7 @@
     /* FIXME: more than 1 char at a time */
     char resp[BUFSIZ];
 
-    if (read_line(ctx, resp) < 0)
+    if (read_line(ctx, resp, sizeof(resp)) < 0)
 	return 0;
 
     debug(DEBUG_TCP, "response '%s' read", resp);
@@ -703,7 +703,7 @@
 
     while (1)
     {
-	read_line(ctx, line);
+	read_line(ctx, line, sizeof(line));
 	debug(DEBUG_TCP, "ctx_to_fp: %s", line);
 	if (memcmp(line, "M ", 2) == 0)
 	{
@@ -879,7 +879,7 @@
     char lbuff[BUFSIZ];
     int len;
 
-    len = read_line(ctx, lbuff);
+    len = read_line(ctx, lbuff, sizeof(lbuff));
     debug(DEBUG_TCP, "cvs_direct: rlog: read %s", lbuff);
 
     if (memcmp(lbuff, "M ", 2) == 0)
@@ -910,13 +910,15 @@
     char lbuff[BUFSIZ];
     strcpy(client_version, "Client: Concurrent Versions System (CVS) 99.99.99 (client/server) cvs-direct");
     send_string(ctx, "version\n");
-    read_line(ctx, lbuff);
+    read_line(ctx, lbuff, sizeof(lbuff));
     if (memcmp(lbuff, "M ", 2) == 0)
 	sprintf(server_version, "Server: %s", lbuff + 2);
     else
 	debug(DEBUG_APPERROR, "cvs_direct: didn't read version: %s", lbuff);
     
-    read_line(ctx, lbuff);
+    do
+	read_line(ctx, lbuff, sizeof(lbuff));
+    while(memcmp(lbuff, "M ", 2) == 0);
     if (strcmp(lbuff, "ok") != 0)
 	debug(DEBUG_APPERROR, "cvs_direct: protocol error reading version");
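Review bot: The new `do ... while` loop ignores read_line()'s return value, so if a read fails without rewriting `lbuff`, the buffer still starts with `M ` from the previous line and the loop may never exit. The call that fills `resp` shows a negative return means failure, so `if (read_line(ctx, lbuff, sizeof(lbuff)) < 0) break;` inside a braced loop body would stop it. Separately, the context line `sprintf(server_version, "Server: %s", lbuff + 2);` is still unbounded: `lbuff` can hold up to BUFSIZ-1 bytes and `server_version` is declared outside the hunk, so unless it is larger than BUFSIZ plus the prefix this overflow is not addressed by the commit. If `server_version` is an array in scope, `snprintf(server_version, sizeof(server_version), "Server: %s", lbuff + 2);` would bound the write. The enclosing function starts before the hunk and may continue after it.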