aboutsummaryrefslogtreecommitdiffstats
path: root/comms
diff options
context:
space:
mode:
authorstefan <stefan@FreeBSD.org>2008-10-19 16:09:02 +0800
committerstefan <stefan@FreeBSD.org>2008-10-19 16:09:02 +0800
commitbedf41ba6f3d3f15b03b508bac7b58f3e63d2e6f (patch)
tree99f0c7db40027c75e8b43a8212f217041965e402 /comms
parent335be67fd5125747d98086cec10f84bdb2fb003b (diff)
downloadfreebsd-ports-gnome-bedf41ba6f3d3f15b03b508bac7b58f3e63d2e6f.tar.gz
freebsd-ports-gnome-bedf41ba6f3d3f15b03b508bac7b58f3e63d2e6f.tar.zst
freebsd-ports-gnome-bedf41ba6f3d3f15b03b508bac7b58f3e63d2e6f.zip
Fix a potential buffer overflow.
PR: 128216 Submitted by: maintainer
Diffstat (limited to 'comms')
-rw-r--r--comms/qpage/Makefile2
-rw-r--r--comms/qpage/files/patch-srvrsnpp.c28
2 files changed, 29 insertions, 1 deletions
diff --git a/comms/qpage/Makefile b/comms/qpage/Makefile
index 3d47844fce45..d08258a0c56d 100644
--- a/comms/qpage/Makefile
+++ b/comms/qpage/Makefile
@@ -7,7 +7,7 @@
PORTNAME= qpage
PORTVERSION= 3.3
-PORTREVISION= 4
+PORTREVISION= 5
CATEGORIES= comms
MASTER_SITES= http://www.qpage.org/download/
EXTRACT_SUFX= .tar.Z
diff --git a/comms/qpage/files/patch-srvrsnpp.c b/comms/qpage/files/patch-srvrsnpp.c
new file mode 100644
index 000000000000..95b27126e8ad
--- /dev/null
+++ b/comms/qpage/files/patch-srvrsnpp.c
@@ -0,0 +1,28 @@
+--- srvrsnpp.c.orig 1998-10-25 14:55:05.000000000 -0500
++++ srvrsnpp.c 2008-10-18 18:09:44.175331511 -0400
+@@ -523,6 +523,7 @@
+ char *errmsg;
+ char *a;
+ char *b;
++ char *m;
+ int i;
+ int badarg;
+ int gotpager;
+@@ -701,7 +702,16 @@
+
+ p->created = time(NULL);
+ (void)sprintf(buff, "%d", pagecount++);
+- (void)strcat(p->messageid, buff);
++ m = (void *)malloc(sizeof(*m) * strlen(p->messageid) + sizeof(*m) * strlen(buff));
++ if ( m == NULL ) {
++ message("554 Message failed (out of memory)");
++ qpage_log(LOG_ERR, "snpp(): cannot allocate memory for p->messageid");
++ clear_page(p, TRUE);
++ break;
++ }
++ (void)sprintf(m, "%s%s", p->messageid, buff);
++ my_free(p->messageid);
++ p->messageid = m;
+
+ qpage_log(LOG_ALERT, "page submitted, id=%s, from=%s",
+ p->messageid,