diff options
| author | nectar <nectar@FreeBSD.org> | 2001-11-29 23:06:19 +0800 |
|---|---|---|
| committer | nectar <nectar@FreeBSD.org> | 2001-11-29 23:06:19 +0800 |
| commit | 18bbd19817dca4a3b1c0ddc4831503046ef4bb19 (patch) | |
| tree | 061860b79fd9b5b62303811c84a59e98ab2c19dd /devel | |
| parent | 500fa50b2647d1934c3172d90a38bf855de17f3a (diff) | |
| download | freebsd-ports-gnome-18bbd19817dca4a3b1c0ddc4831503046ef4bb19.tar.gz freebsd-ports-gnome-18bbd19817dca4a3b1c0ddc4831503046ef4bb19.tar.zst freebsd-ports-gnome-18bbd19817dca4a3b1c0ddc4831503046ef4bb19.zip | |
Patch from vendor. From the ChangeLog:
2001-11-27 Flavio Veloso <flaviovs@magnux.com>
* gnuserv.c: Fix a potential buffer overflow in permitted() that
may allow the client to execute code on the server.
Diffstat (limited to 'devel')
| -rw-r--r-- | devel/libgtop/Makefile | 1 | ||||
| -rw-r--r-- | devel/libgtop/files/patch-src::daemon::gnuserv.c | 15 | ||||
| -rw-r--r-- | devel/libgtop2/Makefile | 1 | ||||
| -rw-r--r-- | devel/libgtop2/files/patch-src::daemon::gnuserv.c | 15 |
4 files changed, 32 insertions, 0 deletions
diff --git a/devel/libgtop/Makefile b/devel/libgtop/Makefile index 94af3fda2d6d..aafc98ffce53 100644 --- a/devel/libgtop/Makefile +++ b/devel/libgtop/Makefile @@ -7,6 +7,7 @@ PORTNAME= libgtop PORTVERSION= 1.0.12 +PORTREVISION= 1 CATEGORIES= devel gnome MASTER_SITES= ${MASTER_SITE_GNOME} MASTER_SITE_SUBDIR= stable/sources/libgtop diff --git a/devel/libgtop/files/patch-src::daemon::gnuserv.c b/devel/libgtop/files/patch-src::daemon::gnuserv.c new file mode 100644 index 000000000000..8b0712a8d041 --- /dev/null +++ b/devel/libgtop/files/patch-src::daemon::gnuserv.c @@ -0,0 +1,15 @@ +--- src/daemon/gnuserv.c.orig Thu Nov 29 08:58:40 2001 ++++ src/daemon/gnuserv.c Thu Nov 29 08:58:17 2001 +@@ -200,6 +200,12 @@ + + auth_data_len = atoi (buf); + ++ if (auth_data_len < 1 || auth_data_len > sizeof(buf)) { ++ syslog_message(LOG_WARNING, ++ "Invalid data length supplied by client"); ++ return FALSE; ++ } ++ + if (timed_read (fd, buf, auth_data_len, AUTH_TIMEOUT, 0) != auth_data_len) + return FALSE; + diff --git a/devel/libgtop2/Makefile b/devel/libgtop2/Makefile index 94af3fda2d6d..aafc98ffce53 100644 --- a/devel/libgtop2/Makefile +++ b/devel/libgtop2/Makefile @@ -7,6 +7,7 @@ PORTNAME= libgtop PORTVERSION= 1.0.12 +PORTREVISION= 1 CATEGORIES= devel gnome MASTER_SITES= ${MASTER_SITE_GNOME} MASTER_SITE_SUBDIR= stable/sources/libgtop diff --git a/devel/libgtop2/files/patch-src::daemon::gnuserv.c b/devel/libgtop2/files/patch-src::daemon::gnuserv.c new file mode 100644 index 000000000000..8b0712a8d041 --- /dev/null +++ b/devel/libgtop2/files/patch-src::daemon::gnuserv.c @@ -0,0 +1,15 @@ +--- src/daemon/gnuserv.c.orig Thu Nov 29 08:58:40 2001 ++++ src/daemon/gnuserv.c Thu Nov 29 08:58:17 2001 +@@ -200,6 +200,12 @@ + + auth_data_len = atoi (buf); + ++ if (auth_data_len < 1 || auth_data_len > sizeof(buf)) { ++ syslog_message(LOG_WARNING, ++ "Invalid data length supplied by client"); ++ return FALSE; ++ } ++ + if (timed_read (fd, buf, auth_data_len, AUTH_TIMEOUT, 0) != auth_data_len) + return FALSE; + |