Fix remote buffer overflow in search.cgi arguments

2 files changed, 26 insertions, 1 deletions

diff --git a/www/mnogosearch31/Makefile b/www/mnogosearch31/Makefile
index f661ee800663..656faaa59d99 100644
--- a/www/mnogosearch31/Makefile
+++ b/www/mnogosearch31/Makefile
@@ -7,7 +7,7 @@
 
 PORTNAME=	mnogosearch
 PORTVERSION=    3.1.12
-PORTREVISION=   1
+PORTREVISION=   2
 CATEGORIES=	www databases
 MASTER_SITES=	http://search.mnogo.ru/Download/
 
diff --git a/www/mnogosearch31/files/patch-ac b/www/mnogosearch31/files/patch-ac
new file mode 100644
index 000000000000..68f8816a275e
--- /dev/null
+++ b/www/mnogosearch31/files/patch-ac
@@ -0,0 +1,25 @@
+--- src/search.c.old	Wed Feb 28 15:28:10 2001
++++ src/search.c	Thu Apr 19 18:02:10 2001
+@@ -1269,7 +1269,8 @@
+ 		strcpy(template,env);
+ 
+ 	if((env=getenv("QUERY_STRING"))){
+-		strcpy(query_string,env);
++		strncpy(query_string,env,UDMSTRSIZ-1);
++		query_string[UDMSTRSIZ-1] = '\0';
+ 		if((env=getenv("REDIRECT_STATUS"))){
+ 
+ 			/* Check Apache internal redirect  */
+@@ -1316,8 +1317,10 @@
+ 		/* or under server which do not   */
+ 		/* pass an empty QUERY_STRING var */
+ 
+-		if(argv[1])
+-			sprintf(query_string,"q=%s",argv[1]);
++		if(argv[1]) {
++			strcpy(query_string, "q=");
++			strncat(query_string, argv[1], UDMSTRSIZ-1-2);
++		}
+ 		if(!template[0])
+ 			sprintf(template,"%s/%s", UDM_CONF_DIR,"search.htm");
+ 	}