aboutsummaryrefslogtreecommitdiffstats
path: root/textproc/libxml
diff options
context:
space:
mode:
authormarcus <marcus@FreeBSD.org>2004-11-11 04:22:41 +0800
committermarcus <marcus@FreeBSD.org>2004-11-11 04:22:41 +0800
commit367ddc2c3ebdb8a1e88978285bddcef27d4f8b99 (patch)
tree1dfca84b4abfa37aa84b6096a91d246ea434511d /textproc/libxml
parentff9a2607ad43d0308dac433e98323782c660707f (diff)
downloadfreebsd-ports-gnome-367ddc2c3ebdb8a1e88978285bddcef27d4f8b99.tar.gz
freebsd-ports-gnome-367ddc2c3ebdb8a1e88978285bddcef27d4f8b99.tar.zst
freebsd-ports-gnome-367ddc2c3ebdb8a1e88978285bddcef27d4f8b99.zip
Backport patch from libxml2-2.6.15 to fix buffer overflows [nanoftp.c,
nanohttp.c, CAN-2004-0989] Obtained from: Debian Woody libxml source RPM Reported by: simon
Diffstat (limited to 'textproc/libxml')
-rw-r--r--textproc/libxml/Makefile2
-rw-r--r--textproc/libxml/files/patch-nanoftp.c104
-rw-r--r--textproc/libxml/files/patch-nanohttp.c45
3 files changed, 150 insertions, 1 deletions
diff --git a/textproc/libxml/Makefile b/textproc/libxml/Makefile
index 166a9674792a..6a37156ede56 100644
--- a/textproc/libxml/Makefile
+++ b/textproc/libxml/Makefile
@@ -7,7 +7,7 @@
PORTNAME= libxml
PORTVERSION= 1.8.17
-PORTREVISION= 2
+PORTREVISION= 3
CATEGORIES= textproc gnome
MASTER_SITES= ${MASTER_SITE_GNOME}
MASTER_SITE_SUBDIR= sources/libxml/1.8
diff --git a/textproc/libxml/files/patch-nanoftp.c b/textproc/libxml/files/patch-nanoftp.c
new file mode 100644
index 000000000000..8a8f207e74a9
--- /dev/null
+++ b/textproc/libxml/files/patch-nanoftp.c
@@ -0,0 +1,104 @@
+--- nanoftp.c.orig Wed Nov 10 15:17:07 2004
++++ nanoftp.c Wed Nov 10 15:19:56 2004
+@@ -65,6 +65,8 @@
+ #define FTP_GET_PASSWD 331
+ #define FTP_BUF_SIZE 512
+
++#define XML_NANO_MAX_URLBUF 4096
++
+ typedef struct xmlNanoFTPCtxt {
+ char *protocol; /* the protocol name */
+ char *hostname; /* the host name */
+@@ -203,7 +205,7 @@
+ xmlNanoFTPScanURL(void *ctx, const char *URL) {
+ xmlNanoFTPCtxtPtr ctxt = (xmlNanoFTPCtxtPtr) ctx;
+ const char *cur = URL;
+- char buf[4096];
++ char buf[XML_NANO_MAX_URLBUF];
+ int index = 0;
+ int port = 0;
+
+@@ -221,7 +223,7 @@
+ }
+ if (URL == NULL) return;
+ buf[index] = 0;
+- while (*cur != 0) {
++ while ((*cur != 0) && (index < XML_NANO_MAX_URLBUF - 1)) {
+ if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) {
+ buf[index] = 0;
+ ctxt->protocol = xmlMemStrdup(buf);
+@@ -234,7 +236,7 @@
+ if (*cur == 0) return;
+
+ buf[index] = 0;
+- while (1) {
++ while (index < XML_NANO_MAX_URLBUF - 1) {
+ if (cur[0] == ':') {
+ buf[index] = 0;
+ ctxt->hostname = xmlMemStrdup(buf);
+@@ -263,7 +265,7 @@
+ else {
+ index = 0;
+ buf[index] = 0;
+- while (*cur != 0)
++ while ((*cur != 0) && (index < XML_NANO_MAX_URLBUF-1))
+ buf[index++] = *cur++;
+ buf[index] = 0;
+ ctxt->path = xmlMemStrdup(buf);
+@@ -288,7 +290,7 @@
+ xmlNanoFTPUpdateURL(void *ctx, const char *URL) {
+ xmlNanoFTPCtxtPtr ctxt = (xmlNanoFTPCtxtPtr) ctx;
+ const char *cur = URL;
+- char buf[4096];
++ char buf[XML_NANO_MAX_URLBUF];
+ int index = 0;
+ int port = 0;
+
+@@ -301,7 +303,7 @@
+ if (ctxt->hostname == NULL)
+ return(-1);
+ buf[index] = 0;
+- while (*cur != 0) {
++ while ((*cur != 0) && (index < XML_NANO_MAX_URLBUF-1)) {
+ if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) {
+ buf[index] = 0;
+ if (strcmp(ctxt->protocol, buf))
+@@ -353,7 +355,7 @@
+ else {
+ index = 0;
+ buf[index] = 0;
+- while (*cur != 0)
++ while ((*cur != 0) && (index < XML_NANO_MAX_URLBUF-1))
+ buf[index++] = *cur++;
+ buf[index] = 0;
+ ctxt->path = xmlMemStrdup(buf);
+@@ -374,7 +376,7 @@
+ void
+ xmlNanoFTPScanProxy(const char *URL) {
+ const char *cur = URL;
+- char buf[4096];
++ char buf[XML_NANO_MAX_URLBUF];
+ int index = 0;
+ int port = 0;
+
+@@ -393,7 +395,7 @@
+ #endif
+ if (URL == NULL) return;
+ buf[index] = 0;
+- while (*cur != 0) {
++ while ((*cur != 0) && (index < XML_NANO_MAX_URLBUF-1)) {
+ if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) {
+ buf[index] = 0;
+ index = 0;
+@@ -827,6 +829,11 @@
+ hp = gethostbyname(ctxt->hostname);
+ if (hp == NULL)
+ return(-1);
++
++ if ((unsigned int) hp->h_length >
++ sizeof(((struct sockaddr_in *)&ctxt->ftpAddr)->sin_addr)) {
++ return (-1);
++ }
+
+ /*
+ * Prepare the socket
diff --git a/textproc/libxml/files/patch-nanohttp.c b/textproc/libxml/files/patch-nanohttp.c
new file mode 100644
index 000000000000..cd39d002ca64
--- /dev/null
+++ b/textproc/libxml/files/patch-nanohttp.c
@@ -0,0 +1,45 @@
+--- nanohttp.c.orig Wed Nov 10 15:15:05 2004
++++ nanohttp.c Wed Nov 10 15:16:44 2004
+@@ -161,6 +161,7 @@
+ const char *cur = URL;
+ char buf[4096];
+ int index = 0;
++ const int indexMax = 4096 - 1;
+ int port = 0;
+
+ if (ctxt->protocol != NULL) {
+@@ -177,7 +178,7 @@
+ }
+ if (URL == NULL) return;
+ buf[index] = 0;
+- while (*cur != 0) {
++ while ((*cur != 0) && (index < indexMax)) {
+ if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) {
+ buf[index] = 0;
+ ctxt->protocol = xmlMemStrdup(buf);
+@@ -219,7 +220,7 @@
+ else {
+ index = 0;
+ buf[index] = 0;
+- while (*cur != 0)
++ while ((*cur != 0) && (index < indexMax))
+ buf[index++] = *cur++;
+ buf[index] = 0;
+ ctxt->path = xmlMemStrdup(buf);
+@@ -241,6 +242,7 @@
+ const char *cur = URL;
+ char buf[4096];
+ int index = 0;
++ const int indexMax = 4096 - 1;
+ int port = 0;
+
+ if (proxy != NULL) {
+@@ -258,7 +260,7 @@
+ #endif
+ if (URL == NULL) return;
+ buf[index] = 0;
+- while (*cur != 0) {
++ while ((*cur != 0) && (index < indexMax)) {
+ if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) {
+ buf[index] = 0;
+ index = 0;