diff options
author | nectar <nectar@FreeBSD.org> | 2004-01-26 21:06:02 +0800 |
---|---|---|
committer | nectar <nectar@FreeBSD.org> | 2004-01-26 21:06:02 +0800 |
commit | 4ec2ad422bc2749522b6411462777c78d94c5979 (patch) | |
tree | 4d3a21d01da95ab19ff179cff33a8018e9670e84 /net-im | |
parent | 32c025b8b8e9a3b2c9872ddc7e0150ab60d95d81 (diff) | |
download | freebsd-ports-gnome-4ec2ad422bc2749522b6411462777c78d94c5979.tar.gz freebsd-ports-gnome-4ec2ad422bc2749522b6411462777c78d94c5979.tar.zst freebsd-ports-gnome-4ec2ad422bc2749522b6411462777c78d94c5979.zip |
Patch almost a dozen vulnerabilities, see
<URL:http://security.e-matters.de/advisories/012004.txt>.
Some fixes were
Obtained from: Gaim CVS, originally submitted by Stefan Esser
Diffstat (limited to 'net-im')
-rw-r--r-- | net-im/gaim/Makefile | 2 | ||||
-rw-r--r-- | net-im/gaim/files/patch-src::protocols::yahoo::yahoo.c | 248 | ||||
-rw-r--r-- | net-im/gaim/files/patch-src::proxy.c | 19 | ||||
-rw-r--r-- | net-im/gaim/files/patch-src::util.c | 161 |
4 files changed, 426 insertions, 4 deletions
diff --git a/net-im/gaim/Makefile b/net-im/gaim/Makefile index 59f6bd6d3c15..e58e0e2ad861 100644 --- a/net-im/gaim/Makefile +++ b/net-im/gaim/Makefile @@ -6,7 +6,7 @@ PORTNAME= gaim PORTVERSION= 0.75 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES?= net MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} MASTER_SITE_SUBDIR= ${PORTNAME} diff --git a/net-im/gaim/files/patch-src::protocols::yahoo::yahoo.c b/net-im/gaim/files/patch-src::protocols::yahoo::yahoo.c new file mode 100644 index 000000000000..ecb6ec9f450b --- /dev/null +++ b/net-im/gaim/files/patch-src::protocols::yahoo::yahoo.c @@ -0,0 +1,248 @@ +*** src/protocols/yahoo/yahoo.c.orig Thu Jan 22 09:57:03 2004 +--- src/protocols/yahoo/yahoo.c Thu Jan 22 10:15:11 2004 +*************** +*** 20,25 **** +--- 20,26 ---- + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * + */ ++ #include <limits.h> + #include "internal.h" + + #include "account.h" +*************** +*** 131,138 **** +--- 132,146 ---- + while (pos + 1 < len) { + if (data[pos] == 0xc0 && data[pos + 1] == 0x80) + break; ++ if (x >= sizeof(key)-1) { ++ x++; ++ continue; ++ ++ } + key[x++] = data[pos++]; + } ++ if (x >= sizeof(key)-1) ++ x = 0; + key[x] = 0; + pos += 2; + pair->key = strtol(key, NULL, 10); +*************** +*** 868,899 **** + } + } + + #define OUT_CHARSET "utf-8" + + static char *yahoo_decode(const char *text) + { + char *converted; +! char *p, *n, *new; +! +! n = new = g_malloc(strlen (text) + 1); +! +! for (p = (char *)text; *p; p++, n++) { + if (*p == '\\') { +! sscanf(p + 1, "%3o\n", (int *)n); +! p += 3; +! } +! else +! *n = *p; + } +- + *n = '\0'; +- + converted = g_convert(new, n - new, OUT_CHARSET, "iso-8859-1", NULL, NULL, NULL); + g_free(new); + + return converted; + } + + static void yahoo_process_mail(GaimConnection *gc, struct yahoo_packet *pkt) + { + GaimAccount *account = gaim_connection_get_account(gc); +--- 876,941 ---- + } + } + ++ ++ static void octal(const char **p, const char *end, unsigned char *n) ++ { ++ int i, c; ++ ++ for (i = 0, c = 0; i < 3 && *p < end; ++i, ++*p) { ++ c <<= 3; ++ switch (**p) { ++ case '0': break; ++ case '1': c += 1; break; ++ case '2': c += 2; break; ++ case '3': c += 3; break; ++ case '4': c += 4; break; ++ case '5': c += 5; break; ++ case '6': c += 6; break; ++ case '7': c += 7; break; ++ default: ++ if (i == 0) { ++ *n = **p; ++ ++*p; ++ return; ++ } ++ c >>= 3; ++ goto done; ++ } ++ } ++ done: ++ *n = (c > UCHAR_MAX) ? '?' : c; ++ return; ++ } ++ + #define OUT_CHARSET "utf-8" + + static char *yahoo_decode(const char *text) + { + char *converted; +! unsigned char *n, *new; +! size_t len; +! const char *p, *end; +! +! len = strlen (text); +! p = text; +! end = &text[len]; +! n = new = g_malloc(len + 1); +! while (p < end) { + if (*p == '\\') { +! ++p; +! octal(&p, end, n); +! } else +! *n = *p++; +! ++n; + } + *n = '\0'; + converted = g_convert(new, n - new, OUT_CHARSET, "iso-8859-1", NULL, NULL, NULL); + g_free(new); + + return converted; + } + ++ + static void yahoo_process_mail(GaimConnection *gc, struct yahoo_packet *pkt) + { + GaimAccount *account = gaim_connection_get_account(gc); +*************** +*** 1903,1934 **** + + static void yahoo_web_pending(gpointer data, gint source, GaimInputCondition cond) + { + GaimConnection *gc = data; + GaimAccount *account = gaim_connection_get_account(gc); + struct yahoo_data *yd = gc->proto_data; +! char buf[1024], buf2[256], *i = buf, *r = buf2; +! int len, o = 0; + + len = read(source, buf, sizeof(buf)); +! if (len <= 0 || strncmp(buf, "HTTP/1.0 302", strlen("HTTP/1.0 302"))) { + gaim_connection_error(gc, _("Unable to read")); + return; + } +! +! while ((i = strstr(i, "Set-Cookie: ")) && 0 < 2) { +! i += strlen("Set-Cookie: "); +! for (;*i != ';'; r++, i++) { +! *r = *i; +! } +! *r=';'; +! r++; +! *r=' '; +! r++; +! o++; +! } +! /* Get rid of that "; " */ +! *(r-2) = '\0'; +! yd->auth = g_strdup(buf2); + gaim_input_remove(gc->inpa); + close(source); + /* Now we have our cookies to login with. I'll go get the milk. */ +--- 1945,1974 ---- + + static void yahoo_web_pending(gpointer data, gint source, GaimInputCondition cond) + { ++ static const char http302[] = "HTTP/1.0 302"; ++ static const char setcookie[] = "Set-Cookie: "; + GaimConnection *gc = data; + GaimAccount *account = gaim_connection_get_account(gc); + struct yahoo_data *yd = gc->proto_data; +! char buf[1024], *i = buf; +! int len; +! GString *s; + + len = read(source, buf, sizeof(buf)); +! if (len <= 0 || (len >= sizeof(http302)-1 && +! memcmp(http302, buf, sizeof(http302)-1) != 0)) { + gaim_connection_error(gc, _("Unable to read")); + return; + } +! s = g_string_sized_new(len); +! buf[len] = '\0'; +! while ((i = strstr(i, setcookie)) != NULL) { +! i += sizeof(setcookie)-1; +! for (;*i != ';'; i++) +! g_string_append_c(s, *i); +! g_string_append(s, "; "); +! } +! yd->auth = g_string_free(s, FALSE); + gaim_input_remove(gc->inpa); + close(source); + /* Now we have our cookies to login with. I'll go get the milk. */ +*************** +*** 1937,1943 **** + yahoo_got_web_connected, gc) != 0) { + gaim_connection_error(gc, _("Connection problem")); + return; +! } + } + + static void yahoo_got_cookies(gpointer data, gint source, GaimInputCondition cond) +--- 1977,1983 ---- + yahoo_got_web_connected, gc) != 0) { + gaim_connection_error(gc, _("Connection problem")); + return; +! } + } + + static void yahoo_got_cookies(gpointer data, gint source, GaimInputCondition cond) +*************** +*** 1974,1988 **** + const char *c = buf; + char *d; + char name[64], value[64]; + while ((c < (buf + len)) && (c = strstr(c, "<input "))) { + c = strstr(c, "name=\"") + strlen("name=\""); +! for (d = name; *c!='"'; c++, d++) + *d = *c; + *d = '\0'; + d = strstr(c, "value=\"") + strlen("value=\""); + if (strchr(c, '>') < d) + break; +! for (c = d, d = value; *c!='"'; c++, d++) + *d = *c; + *d = '\0'; + g_hash_table_insert(hash, g_strdup(name), g_strdup(value)); +--- 2014,2030 ---- + const char *c = buf; + char *d; + char name[64], value[64]; ++ int count = sizeof(name)-1; + while ((c < (buf + len)) && (c = strstr(c, "<input "))) { + c = strstr(c, "name=\"") + strlen("name=\""); +! for (d = name; *c!='"' && count; c++, d++, count--) + *d = *c; + *d = '\0'; ++ count = sizeof(value)-1; + d = strstr(c, "value=\"") + strlen("value=\""); + if (strchr(c, '>') < d) + break; +! for (c = d, d = value; *c!='"' && count; c++, d++, count--) + *d = *c; + *d = '\0'; + g_hash_table_insert(hash, g_strdup(name), g_strdup(value)); diff --git a/net-im/gaim/files/patch-src::proxy.c b/net-im/gaim/files/patch-src::proxy.c new file mode 100644 index 000000000000..bbf4a19b3124 --- /dev/null +++ b/net-im/gaim/files/patch-src::proxy.c @@ -0,0 +1,19 @@ +*** src/proxy.c.orig Thu Jan 22 08:27:26 2004 +--- src/proxy.c Thu Jan 22 08:28:05 2004 +*************** +*** 974,980 **** + + gaim_input_remove(phb->inpa); + +! while ((nlc != 2) && (read(source, &inputline[pos++], 1) == 1)) { + if (inputline[pos - 1] == '\n') + nlc++; + else if (inputline[pos - 1] != '\r') +--- 974,980 ---- + + gaim_input_remove(phb->inpa); + +! while ((pos < sizeof(inputline)-1) && (nlc != 2) && (read(source, &inputline[pos++], 1) == 1)) { + if (inputline[pos - 1] == '\n') + nlc++; + else if (inputline[pos - 1] != '\r') diff --git a/net-im/gaim/files/patch-src::util.c b/net-im/gaim/files/patch-src::util.c index 67054a740409..79a71a97de84 100644 --- a/net-im/gaim/files/patch-src::util.c +++ b/net-im/gaim/files/patch-src::util.c @@ -1,5 +1,160 @@ -*** src/util.c.orig Tue Jan 13 14:49:00 2004 ---- src/util.c Tue Jan 13 14:49:11 2004 +*** src/util.c.orig Fri Jan 9 22:04:56 2004 +--- src/util.c Thu Jan 22 08:26:14 2004 +*************** +*** 247,270 **** + /************************************************************************** + * Quoted Printable Functions + **************************************************************************/ +! void +! gaim_quotedp_decode(const char *str, char **ret_str, int *ret_len) + { +! char *p, *n, *new; + +! n = new = g_malloc(strlen (str) + 1); + +! for (p = (char *)str; *p; p++, n++) { + if (*p == '=') { +! sscanf(p + 1, "%2x\n", (int *)n); +! p += 2; +! } +! else if (*p == '_') + *n = ' '; + else + *n = *p; + } +- + *n = '\0'; + + if (ret_len) +--- 247,317 ---- + /************************************************************************** + * Quoted Printable Functions + **************************************************************************/ +! static void hex(const char **p, const char *end, unsigned char *n) + { +! int i, c; + +! for (i = 0, c = 0; i < 2 && *p < end; ++i, ++*p) { +! c <<= 4; +! switch (**p) { +! case '0': break; +! case '1': c += 1; break; +! case '2': c += 2; break; +! case '3': c += 3; break; +! case '4': c += 4; break; +! case '5': c += 5; break; +! case '6': c += 6; break; +! case '7': c += 7; break; +! case '8': c += 8; break; +! case '9': c += 9; break; +! case 'a': c += 10; break; +! case 'b': c += 11; break; +! case 'c': c += 12; break; +! case 'd': c += 13; break; +! case 'e': c += 14; break; +! case 'f': c += 15; break; +! case 'A': c += 10; break; +! case 'B': c += 11; break; +! case 'C': c += 12; break; +! case 'D': c += 13; break; +! case 'E': c += 14; break; +! case 'F': c += 15; break; +! default: +! if (i == 0) { +! *n = **p; +! ++*p; +! return; +! } +! c >>= 4; +! goto done; +! } +! } +! done: +! *n = (c > UCHAR_MAX) ? '?' : c; +! return; +! } + +! void +! gaim_quotedp_decode(const char *str, char **ret_str, int *ret_len) +! { +! const char *p, *end; +! unsigned char *n, *new; +! size_t len; +! +! len = strlen (str); +! n = new = g_malloc(len + 1); +! p = str; +! end = &p[len]; +! while (p < end) { + if (*p == '=') { +! ++p; +! hex(&p, end, n); +! } else if (*p == '_') + *n = ' '; + else + *n = *p; ++ ++n; + } + *n = '\0'; + + if (ret_len) +*************** +*** 1962,1968 **** + char **ret_path) + { + char scan_info[255]; +! char port_str[5]; + int f; + const char *turl; + char host[256], path[256]; +--- 2009,2015 ---- + char **ret_path) + { + char scan_info[255]; +! char port_str[6]; + int f; + const char *turl; + char host[256], path[256]; +*************** +*** 1982,1997 **** + } + + g_snprintf(scan_info, sizeof(scan_info), +! "%%[%s]:%%[%s]/%%[%s]", addr_ctrl, port_ctrl, page_ctrl); + + f = sscanf(url, scan_info, host, port_str, path); + + if (f == 1) + { + g_snprintf(scan_info, sizeof(scan_info), +! "%%[%s]/%%[%s]", + addr_ctrl, page_ctrl); + f = sscanf(url, scan_info, host, path); + g_snprintf(port_str, sizeof(port_str), "80"); + } + +--- 2029,2049 ---- + } + + g_snprintf(scan_info, sizeof(scan_info), +! "%%255[%s]:%%5[%s]/%%255[%s]", addr_ctrl, port_ctrl, page_ctrl); +! addr_ctrl[sizeof(addr_ctrl)-1] = '\0'; +! port_ctrl[sizeof(port_ctrl)-1] = '\0'; +! page_ctrl[sizeof(page_ctrl)-1] = '\0'; + + f = sscanf(url, scan_info, host, port_str, path); + + if (f == 1) + { + g_snprintf(scan_info, sizeof(scan_info), +! "%%255[%s]/%%255[%s]", + addr_ctrl, page_ctrl); + f = sscanf(url, scan_info, host, path); ++ addr_ctrl[sizeof(addr_ctrl)-1] = '\0'; ++ page_ctrl[sizeof(page_ctrl)-1] = '\0'; + g_snprintf(port_str, sizeof(port_str), "80"); + } + *************** *** 2081,2089 **** static size_t @@ -11,7 +166,7 @@ return content_len; } ---- 2081,2094 ---- +--- 2133,2146 ---- static size_t parse_content_len(const char *data, size_t data_len) { |