aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorsimon <simon@FreeBSD.org>2004-10-13 18:17:01 +0800
committersimon <simon@FreeBSD.org>2004-10-13 18:17:01 +0800
commit05bfbd9228fb1bea3bacae5827be4f787505c0aa (patch)
tree3eb59d16f647f052450c2433a3ef6a49dc87debc
parentbcd6fbbe7774bf2371c2bb0480691e969462713b (diff)
downloadfreebsd-ports-gnome-05bfbd9228fb1bea3bacae5827be4f787505c0aa.tar.gz
freebsd-ports-gnome-05bfbd9228fb1bea3bacae5827be4f787505c0aa.tar.zst
freebsd-ports-gnome-05bfbd9228fb1bea3bacae5827be4f787505c0aa.zip
Security update to sharutils:
- Fix two buffer overflows. [1] - Fix format string handling problems with command line parsing shar -o. [2] Obtained from: Gentoo [1] [2] Patch by: Michael Schröder [2] VuXML: 26c9e8c6-1c99-11d9-814e-0001020eed82 [1] Approved by: erwin
-rw-r--r--archivers/sharutils/Makefile2
-rw-r--r--archivers/sharutils/files/patch-buffer-check98
-rw-r--r--archivers/sharutils/files/patch-buffer-limits59
3 files changed, 158 insertions, 1 deletions
diff --git a/archivers/sharutils/Makefile b/archivers/sharutils/Makefile
index ebdf3b6b52ae..8a73bca2f1d8 100644
--- a/archivers/sharutils/Makefile
+++ b/archivers/sharutils/Makefile
@@ -7,7 +7,7 @@
PORTNAME= sharutils
PORTVERSION= 4.2.1
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES= archivers
MASTER_SITES= ${MASTER_SITE_GNU}
MASTER_SITE_SUBDIR= sharutils
diff --git a/archivers/sharutils/files/patch-buffer-check b/archivers/sharutils/files/patch-buffer-check
new file mode 100644
index 000000000000..46cf35e8a7f4
--- /dev/null
+++ b/archivers/sharutils/files/patch-buffer-check
@@ -0,0 +1,98 @@
+Index: src/shar.c
+===================================================================
+RCS file: /home/ke/cvsroot/sharutils/src/shar.c,v
+retrieving revision 1.22
+diff -u -r1.22 shar.c
+--- src/shar.c 2 Dec 2002 20:52:10 -0000 1.22
++++ src/shar.c 15 May 2004 09:13:16 -0000
+@@ -255,11 +255,11 @@
+ /* Position for first file in the shar file. */
+ static off_t first_file_position;
+
+-/* Base for output filename. FIXME: No fix limit in GNU... */
+-static char output_base_name[50];
++/* Base for output filename. */
++static char *output_base_name;
+
+-/* Actual output filename. FIXME: No fix limit in GNU... */
+-static char output_filename[50];
++/* Actual output filename. */
++static char *output_filename;
+
+ static char *submitter_address = NULL;
+
+@@ -1727,7 +1727,12 @@
+ static void
+ open_output ()
+ {
+- sprintf (output_filename, output_base_name, ++part_number);
++ size_t l;
++ l = strlen(output_base_name) + 128;
++ if (output_filename)
++ free(output_filename);
++ output_filename = xmalloc(l);
++ snprintf(output_filename, l, output_base_name, ++part_number);
+ output = fopen (output_filename, "w");
+ if (!output)
+ error (EXIT_FAILURE, errno, _("Opening `%s'"), output_filename);
+@@ -1907,6 +1912,42 @@
+ file_size_limit = lim;
+ }
+
++
++char *parse_output_base_name(char *arg)
++{
++ int c;
++ int hadarg = 0;
++ char *fmt, *p;
++
++ for (p = arg ; (c = *p++) != 0; )
++ {
++ if (c != '%')
++ continue;
++ c = *p++;
++ if (c == '%')
++ continue;
++ if (hadarg)
++ return 0;
++ while (c != 0 && strchr("#0+- 'I", c) != 0)
++ c = *p++;
++ while (c != 0 && c >= '0' && c <= '9')
++ c = *p++;
++ if (c == '.')
++ c = *p++;
++ while (c != 0 && c >= '0' && c <= '9')
++ c = *p++;
++ if (c == 0 || strchr("diouxX", c) == 0)
++ return 0;
++ hadarg = 1;
++ }
++ fmt = xmalloc(strlen(arg) + (hadarg ? 1 : 6));
++ strcpy(fmt, arg);
++ if (!hadarg)
++ strcat(fmt, ".%02d");
++ return fmt;
++}
++
++
+ /*---.
+ | ? |
+ `---*/
+@@ -2047,9 +2088,14 @@
+ break;
+
+ case 'o':
+- strcpy (output_base_name, optarg);
+- if (!strchr (output_base_name, '%'))
+- strcat (output_base_name, ".%02d");
++ if (output_base_name)
++ free (output_base_name);
++ output_base_name = parse_output_base_name(optarg);
++ if (!output_base_name)
++ {
++ fprintf (stderr, _("illegal output prefix\n"));
++ exit (EXIT_FAILURE);
++ }
+ part_number = 0;
+ open_output ();
+ break;
diff --git a/archivers/sharutils/files/patch-buffer-limits b/archivers/sharutils/files/patch-buffer-limits
new file mode 100644
index 000000000000..bbcb8b552126
--- /dev/null
+++ b/archivers/sharutils/files/patch-buffer-limits
@@ -0,0 +1,59 @@
+--- src/shar.c.orig 1999-09-10 21:20:41.000000000 +0200
++++ src/shar.c 2004-09-29 15:09:40.790061000 +0200
+@@ -1571,7 +1571,7 @@
+ sprintf (command, "%s '%s'", CHARACTER_COUNT_COMMAND, local_name);
+ if (pfp = popen (command, "r"), pfp)
+ {
+- char wc[BUFSIZ];
++ char wc[BUFSIZ], tempform[50];
+ const char *prefix = "";
+
+ if (did_md5)
+@@ -1579,8 +1579,8 @@
+ fputs (" else\n", output);
+ prefix = " ";
+ }
+-
+- fscanf (pfp, "%s", wc);
++ sprintf (tempform, "%%%ds", BUFSIZ - 1);
++ fscanf (pfp, tempform, wc);
+ fprintf (output, "\
+ %s shar_count=\"`%s '%s'`\"\n\
+ %s test %s -eq \"$shar_count\" ||\n\
+diff -Naur ./sharutils-4.2.1/src/unshar.c ./sharutils-4.2.1_new/src/unshar.c
+--- src/unshar.c.orig 1995-11-21 17:22:14.000000000 +0100
++++ src/unshar.c 2004-09-29 15:09:44.682469264 +0200
+@@ -346,8 +346,8 @@
+ {
+ size_t size_read;
+ FILE *file;
+- char name_buffer[NAME_BUFFER_SIZE];
+- char copy_buffer[NAME_BUFFER_SIZE];
++ char name_buffer[NAME_BUFFER_SIZE] = {'\0'};
++ char copy_buffer[NAME_BUFFER_SIZE] = {'\0'};
+ int optchar;
+
+ program_name = argv[0];
+@@ -409,14 +409,14 @@
+ if (optind < argc)
+ for (; optind < argc; optind++)
+ {
+- if (argv[optind][0] == '/')
+- stpcpy (name_buffer, argv[optind]);
+- else
+- {
+- char *cp = stpcpy (name_buffer, current_directory);
+- *cp++ = '/';
+- stpcpy (cp, argv[optind]);
+- }
++ if (argv[optind][0] == '/') {
++ strncpy (name_buffer, argv[optind], sizeof(name_buffer));
++ name_buffer[sizeof(name_buffer)-1] = '\0';
++ }
++ else {
++ snprintf(name_buffer, sizeof(name_buffer),"%s/%s", current_directory, argv[optind]);
++ name_buffer[sizeof(name_buffer)-1] = '\0';
++ }
+ if (file = fopen (name_buffer, "r"), !file)
+ error (EXIT_FAILURE, errno, name_buffer);
+ unarchive_shar_file (name_buffer, file);