author | nectar <nectar@FreeBSD.org> | 2004-08-25 21:39:34 +0800 |
---|---|---|
committer | nectar <nectar@FreeBSD.org> | 2004-08-25 21:39:34 +0800 |
commit | 1f380898ed2bd79314f448da736dd8ce5556314e (patch) | |
tree | cf26af5619a05a49f1bf318bfa13d80432eab130 /multimedia/libxine | |
parent | 257478d31f0ad5554ff665d543d98ecc296bb3d0 (diff) | |
Fix vcd URL handling vulnerability described at
http://vuxml.freebsd.org/bef4515b-eaa9-11d8-9440-000347a4fa7d.html
Obtained from: xine CVS
Approved by: nobutaka (maintainer)
Diffstat (limited to 'multimedia/libxine')
-rw-r--r-- | multimedia/libxine/Makefile | 2 | ||||
-rw-r--r-- | multimedia/libxine/files/patch-src:input:vcd:xineplug_inp_vcd.c | 55 |
2 files changed, 56 insertions, 1 deletions
diff --git a/multimedia/libxine/Makefile b/multimedia/libxine/Makefile
index 63e446839167..33c0d8870e7d 100644
--- a/multimedia/libxine/Makefile
+++ b/multimedia/libxine/Makefile
@@ -7,7 +7,7 @@
 PORTNAME= xine
 PORTVERSION= 1.0.r5
-PORTREVISION= 1
+PORTREVISION= 2
 CATEGORIES= multimedia
 MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
 MASTER_SITE_SUBDIR= ${PORTNAME}
diff --git a/multimedia/libxine/files/patch-src:input:vcd:xineplug_inp_vcd.c b/multimedia/libxine/files/patch-src:input:vcd:xineplug_inp_vcd.c
new file mode 100644
index 000000000000..0640ebdca1fa
--- /dev/null
+++ b/multimedia/libxine/files/patch-src:input:vcd:xineplug_inp_vcd.c
@@ -0,0 +1,55 @@
+--- src/input/vcd/xineplug_inp_vcd.c 2004/04/28 10:41:46 1.108
++++ src/input/vcd/xineplug_inp_vcd.c 2004/07/18 14:47:21 1.109
+@@ -48,6 +48,7 @@
+ #define SHORT_PLUGIN_NAME "VCDX"
+ #define MRL_PREFIX "vcdx://"
+ #define MRL_PREFIX_LEN strlen(MRL_PREFIX)
++#define MRL_MAX_LEN 1024
+ 
+ #define xine_config_entry_t xine_cfg_entry_t
+ 
+@@ -465,7 +466,7 @@
+ return false;
+ }
+ 
+- count = sscanf (p, "%[^@]@%1[EePpSsTt]%u",
++ count = sscanf (p, "%1024[^@]@%1[EePpSsTt]%u",
+ device_str, type_str, &num);
+ itemid->num = num;
+ 
+@@ -489,7 +490,7 @@
+ {
+ /* No device/file given, so use the default device and try again. */
+ if (NULL == default_vcd_device) return false;
+- strcpy(device_str, default_vcd_device);
++ strncpy(device_str, default_vcd_device, MRL_MAX_LEN);
+ if (p[0] == '@') p++;
+ count = sscanf (p, "%1[EePpSsTt]%u", type_str, &num);
+ type_str[0] = toupper(type_str[0]);
+@@ -781,7 +782,7 @@
+ vcd_class_get_dir (input_class_t *this_gen, const char *filename,
+ int *num_files) {
+ 
+- char intended_vcd_device[1024]="";
++ char intended_vcd_device[MRL_MAX_LEN+1]="";
+ vcdinfo_itemid_t itemid;
+ 
+ vcd_input_class_t *class = (vcd_input_class_t *) this_gen;
+@@ -913,7 +914,7 @@
+ static char *
+ vcd_class_get_identifier (input_class_t *this_gen) {
+ dbg_print((INPUT_DBG_CALL|INPUT_DBG_EXT), "called\n");
+- return SHORT_PLUGIN_NAME;
++ return strdup(SHORT_PLUGIN_NAME);
+ }
+ 
+ /*
+@@ -1425,7 +1426,7 @@
+ {
+ vcd_input_class_t *class = (vcd_input_class_t *) class_gen;
+ 
+- char intended_vcd_device[1024]="";
++ char intended_vcd_device[MRL_MAX_LEN+1]="";
+ vcdinfo_itemid_t itemid;
+ char *check_mrl=NULL;
+ bool used_default; |
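Review bot: The `strncpy(device_str, default_vcd_device, MRL_MAX_LEN);` in the embedded hunk at -489 writes no terminator when the default device string is MRL_MAX_LEN bytes or longer, so termination depends on the caller's buffer being `MRL_MAX_LEN+1` bytes with its last byte still zero. The two callers visible here (`vcd_class_get_dir` and the function patched at -1425) do declare `intended_vcd_device[MRL_MAX_LEN+1]=""`, but the parsing function's signature and any other callers are outside the hunk, so I would make the guarantee local with `device_str[MRL_MAX_LEN] = '\0';` right after the copy. The literal width in `"%1024[^@]@%1[EePpSsTt]%u"` duplicates MRL_MAX_LEN and will silently drift if the macro changes; a comment such as `/* field width must equal MRL_MAX_LEN; device_str holds MRL_MAX_LEN+1 bytes */` would tie them together. Separately, `return strdup(SHORT_PLUGIN_NAME);` can return NULL and presumably passes ownership of the allocation to the caller, which deserves a one-line comment on `vcd_class_get_identifier`.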