diff options
author | kuriyama <kuriyama@FreeBSD.org> | 2000-06-30 09:47:44 +0800 |
---|---|---|
committer | kuriyama <kuriyama@FreeBSD.org> | 2000-06-30 09:47:44 +0800 |
commit | 76bc33ce050095945f2e4909bd197ed74075cbbe (patch) | |
tree | f419176c6eb4fb767df0634042344953703ed5dd /japanese/canna-server | |
parent | 0f7373b5cb9a04aeaecd4f8b7cf4475f9dd1c117 (diff) | |
download | freebsd-ports-gnome-76bc33ce050095945f2e4909bd197ed74075cbbe.tar.gz freebsd-ports-gnome-76bc33ce050095945f2e4909bd197ed74075cbbe.tar.zst freebsd-ports-gnome-76bc33ce050095945f2e4909bd197ed74075cbbe.zip |
Fix remote buffer overflow vulnerability.
References: SPSadvisory#38
http://shadowpenguin.backsection.net/advisories/advisory038.html
(Japanese only)
http://shadowpenguin.backsection.net/advisories/index.html
(English abstract included)
Max, should we use "canna" UID for sandbox'ing?
Diffstat (limited to 'japanese/canna-server')
-rw-r--r-- | japanese/canna-server/files/patch-af | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/japanese/canna-server/files/patch-af b/japanese/canna-server/files/patch-af new file mode 100644 index 000000000000..656d80769276 --- /dev/null +++ b/japanese/canna-server/files/patch-af @@ -0,0 +1,22 @@ +--- server/misc.c~ Fri Jul 29 12:03:54 1994 ++++ server/misc.c Fri Jun 30 10:16:39 2000 +@@ -788,12 +788,19 @@ + + if (client->username && client->username[0]) { + if (client->groupname && client->groupname[0]) { ++ if (strlen(DDUSER) + strlen(client->username) + ++ strlen(DDGROUP) + strlen(client->groupname) + ++ strlen(DDPATH) >= 256) ++ return ( -1 ); + sprintf(dichome, "%s/%s:%s/%s:%s", + DDUSER, client->username, + DDGROUP, client->groupname, + DDPATH); + } + else { ++ if (strlen(DDUSER) + strlen(client->username) + ++ strlen(DDPATH) >= 256) ++ return ( -1 ); + sprintf(dichome, "%s/%s:%s", + DDUSER, client->username, + DDPATH); |