From 711d49e4a1b2dca0e20abe144adf1ecc21f2c5f7 Mon Sep 17 00:00:00 2001
From: nectar
Date: Wed, 7 Apr 2004 15:17:37 +0000
Subject: The last commit lost previously applied security fixes. Again. Re-apply my fix. Again. Specifically, the GAIM developers have still not addressed the ``Yahoo Octal-Encoding Decoder'' issues. http://www.vuxml.org/freebsd/6fd02439-5d70-11d8-80e3-0020ed76ef5a.html http://security.e-matters.de/advisories/012004.txt http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0005
---
 net-im/gaim/Makefile | 1 +
 .../files/patch-src::protocols::yahoo::yahoo.c | 94 ++++++++++++++++++++++
 2 files changed, 95 insertions(+)
 create mode 100644 net-im/gaim/files/patch-src::protocols::yahoo::yahoo.c
(limited to 'net-im')
diff --git a/net-im/gaim/Makefile b/net-im/gaim/Makefile
index b4cd411ba60f..080c793c4358 100644
--- a/net-im/gaim/Makefile
+++ b/net-im/gaim/Makefile
@@ -6,6 +6,7 @@
 PORTNAME= gaim
 PORTVERSION= 0.76
+PORTREVISION= 1
 CATEGORIES?= net
 MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
 MASTER_SITE_SUBDIR= ${PORTNAME}
diff --git a/net-im/gaim/files/patch-src::protocols::yahoo::yahoo.c b/net-im/gaim/files/patch-src::protocols::yahoo::yahoo.c
new file mode 100644
index 000000000000..2fce1cf7f916
--- /dev/null
+++ b/net-im/gaim/files/patch-src::protocols::yahoo::yahoo.c
@@ -0,0 +1,94 @@
+*** ./src/protocols/yahoo/yahoo.c.orig Wed Apr 7 09:54:00 2004
+--- src/protocols/yahoo/yahoo.c Wed Apr 7 09:59:43 2004
+***************
+*** 895,924 ****
+ }
+ }
+
+ #define OUT_CHARSET "utf-8"
+
+ static char *yahoo_decode(const char *text)
+ {
+ char *converted;
+! char *n, *new;
+! const char *end, *p;
+! int i;
+!
+! n = new = g_malloc(strlen (text) + 1);
+! end = text + strlen(text);
+
+! for (p = text; p < end; p++, n++) {
+ if (*p == '\\') {
+! sscanf(p + 1, "%3o\n", &i);
+! *n = i;
+! p += 3;
+! }
+! else
+! *n = *p;
+ }
+-
+ *n = '\0';
+-
+ converted = g_convert(new, n - new, OUT_CHARSET, "iso-8859-1", NULL, NULL, NULL);
+ g_free(new);
+
+--- 895,953 ----
+ }
+ }
+
++
++ static void octal(const char **p, const char *end, unsigned char *n)
++ {
++ int i, c;
++
++ for (i = 0, c = 0; i < 3 && *p < end; ++i, ++*p) {
++ c <<= 3;
++ switch (**p) {
++ case '0': break;
++ case '1': c += 1; break;
++ case '2': c += 2; break;
++ case '3': c += 3; break;
++ case '4': c += 4; break;
++ case '5': c += 5; break;
++ case '6': c += 6; break;
++ case '7': c += 7; break;
++ default:
++ if (i == 0) {
++ *n = **p;
++ ++*p;
++ return;
++ }
++ c >>= 3;
++ goto done;
++ }
++ }
++ done:
++ *n = (c > UCHAR_MAX) ? '?' : c;
++ return;
++ }
++
+ #define OUT_CHARSET "utf-8"
+
+ static char *yahoo_decode(const char *text)
+ {
+ char *converted;
+! unsigned char *n, *new;
+! size_t len;
+! const char *p, *end;
+
+! len = strlen (text);
+! p = text;
+! end = &text[len];
+! n = new = g_malloc(len + 1);
+! while (p < end) {
+ if (*p == '\\') {
+! ++p;
+! octal(&p, end, n);
+! } else
+! *n = *p++;
+! ++n;
+ }
+ *n = '\0';
+ converted = g_convert(new, n - new, OUT_CHARSET, "iso-8859-1", NULL, NULL, NULL);
+ g_free(new);
+
-- cgit
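Review bot: In the added octal(), the assignment under `done:` stores a decoded value of 0 unchanged, so `\0`, `\000`, or a backslash that is the last character of the input (the loop body never runs and c stays 0) puts a NUL byte in the middle of the decoded buffer. Nothing is overrun, since each escape consumes at least as many input bytes as it writes and g_convert() receives the explicit length `n - new`, but if the converted result is later handled as a C string (presumably, since yahoo_decode returns `char *`) peer-supplied text would be silently cut off at that byte. Treating zero like the out-of-range case closes this: `*n = (c == 0 || c > UCHAR_MAX) ? '?' : c;`. UCHAR_MAX also needs `<limits.h>`, and the patch adds no include, so confirm that yahoo.c already pulls it in; the include block and the rest of yahoo_decode lie outside this hunk.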