diff options
author | naddy <naddy@FreeBSD.org> | 2010-03-25 02:46:46 +0800 |
---|---|---|
committer | naddy <naddy@FreeBSD.org> | 2010-03-25 02:46:46 +0800 |
commit | a2cc16ab89f452e0c8b21f00d2cdd704e98decbc (patch) | |
tree | 793c8e3ef007678f467bc7a75f1d19504040efe3 | |
parent | 991daff9a7a804c80c8cd2130225d619bb73d1a6 (diff) | |
download | freebsd-ports-gnome-a2cc16ab89f452e0c8b21f00d2cdd704e98decbc.tar.gz freebsd-ports-gnome-a2cc16ab89f452e0c8b21f00d2cdd704e98decbc.tar.zst freebsd-ports-gnome-a2cc16ab89f452e0c8b21f00d2cdd704e98decbc.zip |
Fix a buffer overflow in the rmt client functionality.
From upstream.
Security: c175d72f-3773-11df-8bb8-0211d880e350
-rw-r--r-- | archivers/gtar/Makefile | 2 | ||||
-rw-r--r-- | archivers/gtar/files/patch-lib_rtapelib.c | 28 |
2 files changed, 29 insertions, 1 deletions
diff --git a/archivers/gtar/Makefile b/archivers/gtar/Makefile index fedcea4be192..5aceaf271bd0 100644 --- a/archivers/gtar/Makefile +++ b/archivers/gtar/Makefile @@ -7,7 +7,7 @@ PORTNAME= tar PORTVERSION= 1.22 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= archivers sysutils MASTER_SITES= ${MASTER_SITE_GNU} MASTER_SITE_SUBDIR= ${PORTNAME} diff --git a/archivers/gtar/files/patch-lib_rtapelib.c b/archivers/gtar/files/patch-lib_rtapelib.c new file mode 100644 index 000000000000..e6c81e14a0aa --- /dev/null +++ b/archivers/gtar/files/patch-lib_rtapelib.c @@ -0,0 +1,28 @@ + +$FreeBSD$ + +--- lib/rtapelib.c.orig ++++ lib/rtapelib.c +@@ -570,7 +570,8 @@ + + sprintf (command_buffer, "R%lu\n", (unsigned long) length); + if (do_command (handle, command_buffer) == -1 +- || (status = get_status (handle)) == SAFE_READ_ERROR) ++ || (status = get_status (handle)) == SAFE_READ_ERROR ++ || status > length) + return SAFE_READ_ERROR; + + for (counter = 0; counter < status; counter += rlen, buffer += rlen) +@@ -706,6 +707,12 @@ + || (status = get_status (handle), status == -1)) + return -1; + ++ if (status > sizeof (struct mtop)) ++ { ++ errno = EOVERFLOW; ++ return -1; ++ } ++ + for (; status > 0; status -= counter, argument += counter) + { + counter = safe_read (READ_SIDE (handle), argument, status); |