diff options
author | marcus <marcus@FreeBSD.org> | 2004-11-11 04:22:41 +0800 |
---|---|---|
committer | marcus <marcus@FreeBSD.org> | 2004-11-11 04:22:41 +0800 |
commit | 367ddc2c3ebdb8a1e88978285bddcef27d4f8b99 (patch) | |
tree | 1dfca84b4abfa37aa84b6096a91d246ea434511d /textproc/libxml | |
parent | ff9a2607ad43d0308dac433e98323782c660707f (diff) | |
download | freebsd-ports-gnome-367ddc2c3ebdb8a1e88978285bddcef27d4f8b99.tar.gz freebsd-ports-gnome-367ddc2c3ebdb8a1e88978285bddcef27d4f8b99.tar.zst freebsd-ports-gnome-367ddc2c3ebdb8a1e88978285bddcef27d4f8b99.zip |
Backport patch from libxml2-2.6.15 to fix buffer overflows [nanoftp.c,
nanohttp.c, CAN-2004-0989]
Obtained from: Debian Woody libxml source RPM
Reported by: simon
Diffstat (limited to 'textproc/libxml')
-rw-r--r-- | textproc/libxml/Makefile | 2 | ||||
-rw-r--r-- | textproc/libxml/files/patch-nanoftp.c | 104 | ||||
-rw-r--r-- | textproc/libxml/files/patch-nanohttp.c | 45 |
3 files changed, 150 insertions, 1 deletions
diff --git a/textproc/libxml/Makefile b/textproc/libxml/Makefile index 166a9674792a..6a37156ede56 100644 --- a/textproc/libxml/Makefile +++ b/textproc/libxml/Makefile @@ -7,7 +7,7 @@ PORTNAME= libxml PORTVERSION= 1.8.17 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= textproc gnome MASTER_SITES= ${MASTER_SITE_GNOME} MASTER_SITE_SUBDIR= sources/libxml/1.8 diff --git a/textproc/libxml/files/patch-nanoftp.c b/textproc/libxml/files/patch-nanoftp.c new file mode 100644 index 000000000000..8a8f207e74a9 --- /dev/null +++ b/textproc/libxml/files/patch-nanoftp.c @@ -0,0 +1,104 @@ +--- nanoftp.c.orig Wed Nov 10 15:17:07 2004 ++++ nanoftp.c Wed Nov 10 15:19:56 2004 +@@ -65,6 +65,8 @@ + #define FTP_GET_PASSWD 331 + #define FTP_BUF_SIZE 512 + ++#define XML_NANO_MAX_URLBUF 4096 ++ + typedef struct xmlNanoFTPCtxt { + char *protocol; /* the protocol name */ + char *hostname; /* the host name */ +@@ -203,7 +205,7 @@ + xmlNanoFTPScanURL(void *ctx, const char *URL) { + xmlNanoFTPCtxtPtr ctxt = (xmlNanoFTPCtxtPtr) ctx; + const char *cur = URL; +- char buf[4096]; ++ char buf[XML_NANO_MAX_URLBUF]; + int index = 0; + int port = 0; + +@@ -221,7 +223,7 @@ + } + if (URL == NULL) return; + buf[index] = 0; +- while (*cur != 0) { ++ while ((*cur != 0) && (index < XML_NANO_MAX_URLBUF - 1)) { + if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) { + buf[index] = 0; + ctxt->protocol = xmlMemStrdup(buf); +@@ -234,7 +236,7 @@ + if (*cur == 0) return; + + buf[index] = 0; +- while (1) { ++ while (index < XML_NANO_MAX_URLBUF - 1) { + if (cur[0] == ':') { + buf[index] = 0; + ctxt->hostname = xmlMemStrdup(buf); +@@ -263,7 +265,7 @@ + else { + index = 0; + buf[index] = 0; +- while (*cur != 0) ++ while ((*cur != 0) && (index < XML_NANO_MAX_URLBUF-1)) + buf[index++] = *cur++; + buf[index] = 0; + ctxt->path = xmlMemStrdup(buf); +@@ -288,7 +290,7 @@ + xmlNanoFTPUpdateURL(void *ctx, const char *URL) { + xmlNanoFTPCtxtPtr ctxt = (xmlNanoFTPCtxtPtr) ctx; + const char *cur = URL; +- char buf[4096]; ++ char buf[XML_NANO_MAX_URLBUF]; + int index = 0; + int port = 0; + +@@ -301,7 +303,7 @@ + if (ctxt->hostname == NULL) + return(-1); + buf[index] = 0; +- while (*cur != 0) { ++ while ((*cur != 0) && (index < XML_NANO_MAX_URLBUF-1)) { + if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) { + buf[index] = 0; + if (strcmp(ctxt->protocol, buf)) +@@ -353,7 +355,7 @@ + else { + index = 0; + buf[index] = 0; +- while (*cur != 0) ++ while ((*cur != 0) && (index < XML_NANO_MAX_URLBUF-1)) + buf[index++] = *cur++; + buf[index] = 0; + ctxt->path = xmlMemStrdup(buf); +@@ -374,7 +376,7 @@ + void + xmlNanoFTPScanProxy(const char *URL) { + const char *cur = URL; +- char buf[4096]; ++ char buf[XML_NANO_MAX_URLBUF]; + int index = 0; + int port = 0; + +@@ -393,7 +395,7 @@ + #endif + if (URL == NULL) return; + buf[index] = 0; +- while (*cur != 0) { ++ while ((*cur != 0) && (index < XML_NANO_MAX_URLBUF-1)) { + if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) { + buf[index] = 0; + index = 0; +@@ -827,6 +829,11 @@ + hp = gethostbyname(ctxt->hostname); + if (hp == NULL) + return(-1); ++ ++ if ((unsigned int) hp->h_length > ++ sizeof(((struct sockaddr_in *)&ctxt->ftpAddr)->sin_addr)) { ++ return (-1); ++ } + + /* + * Prepare the socket diff --git a/textproc/libxml/files/patch-nanohttp.c b/textproc/libxml/files/patch-nanohttp.c new file mode 100644 index 000000000000..cd39d002ca64 --- /dev/null +++ b/textproc/libxml/files/patch-nanohttp.c @@ -0,0 +1,45 @@ +--- nanohttp.c.orig Wed Nov 10 15:15:05 2004 ++++ nanohttp.c Wed Nov 10 15:16:44 2004 +@@ -161,6 +161,7 @@ + const char *cur = URL; + char buf[4096]; + int index = 0; ++ const int indexMax = 4096 - 1; + int port = 0; + + if (ctxt->protocol != NULL) { +@@ -177,7 +178,7 @@ + } + if (URL == NULL) return; + buf[index] = 0; +- while (*cur != 0) { ++ while ((*cur != 0) && (index < indexMax)) { + if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) { + buf[index] = 0; + ctxt->protocol = xmlMemStrdup(buf); +@@ -219,7 +220,7 @@ + else { + index = 0; + buf[index] = 0; +- while (*cur != 0) ++ while ((*cur != 0) && (index < indexMax)) + buf[index++] = *cur++; + buf[index] = 0; + ctxt->path = xmlMemStrdup(buf); +@@ -241,6 +242,7 @@ + const char *cur = URL; + char buf[4096]; + int index = 0; ++ const int indexMax = 4096 - 1; + int port = 0; + + if (proxy != NULL) { +@@ -258,7 +260,7 @@ + #endif + if (URL == NULL) return; + buf[index] = 0; +- while (*cur != 0) { ++ while ((*cur != 0) && (index < indexMax)) { + if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) { + buf[index] = 0; + index = 0; |