authorstefan <stefan@FreeBSD.org>2011-05-18 04:10:52 +0800
committerstefan <stefan@FreeBSD.org>2011-05-18 04:10:52 +0800
commit7c1ca2baaed1a6a77689456bf5f2cc12d05000e1 (patch)
treeddfaebedb8bad27a437a47d693c3d918b3d8b248
parent6605e7889139d170be8a10c2bfdf508d3e2333c9 (diff)
- Add patch to properly escape paths and passwords in shell calls.
- While here, remove MD5 from distinfo. Reported by: Keith Waters <keith@waters.co.za> Patch by: Richard Corner Obtained from: https://bugs.launchpad.net/ubuntu/+source/fcrackzip/+bug/350640
-rw-r--r--security/fcrackzip/Makefile1
-rw-r--r--security/fcrackzip/distinfo1
-rw-r--r--security/fcrackzip/files/patch-main.c116
3 files changed, 117 insertions, 1 deletions
diff --git a/security/fcrackzip/Makefile b/security/fcrackzip/Makefile
index 0394cba291b..e9f91a7fdf3 100644
--- a/security/fcrackzip/Makefile
+++ b/security/fcrackzip/Makefile
@@ -7,6 +7,7 @@
PORTNAME= fcrackzip
PORTVERSION= 1.0
+PORTREVISION= 1
CATEGORIES= security archivers
MASTER_SITES= http://oldhome.schmorp.de/data/marc/ \
http://distfiles.macports.org/${PORTNAME}/
diff --git a/security/fcrackzip/distinfo b/security/fcrackzip/distinfo
index e0ccc0781ef..aef6067f472 100644
--- a/security/fcrackzip/distinfo
+++ b/security/fcrackzip/distinfo
@@ -1,3 +1,2 @@
-MD5 (fcrackzip-1.0.tar.gz) = 254941f51759f9425965f4b05fe7ac2c
SHA256 (fcrackzip-1.0.tar.gz) = 4a58c8cb98177514ba17ee30d28d4927918bf0bdc3c94d260adfee44d2d43850
SIZE (fcrackzip-1.0.tar.gz) = 114786
diff --git a/security/fcrackzip/files/patch-main.c b/security/fcrackzip/files/patch-main.c
new file mode 100644
index 00000000000..d1d00e4d5a0
--- /dev/null
+++ b/security/fcrackzip/files/patch-main.c
@@ -0,0 +1,116 @@
+--- main.c.orig 2005-09-10 21:58:44.000000000 +0200
++++ main.c 2011-05-17 21:59:32.000000000 +0200
+@@ -44,13 +44,112 @@
+
+ static FILE *dict_file;
+
++char *
++path_for_shell (char *dest, const char *str)
++{
++ /* backslash shell special charatcers */
++
++ char ch, *p = dest;
++ size_t len = strlen(str);
++ int i;
++
++ for (i = 0; i < len; i++)
++ {
++ ch = str[i];
++
++ switch (ch)
++ {
++ /* ASCII table order */
++ case 0x20: /* space */
++ case '!':
++ case '"':
++ case '#':
++ case '$':
++ case '&':
++ case 0x27: /* single quote */
++ case '(':
++ case ')':
++ case '*':
++ case '+':
++ case 0x2C: /* comma */
++ case ':':
++ case ';':
++ case '<':
++ case '>':
++ case '?':
++ case '[':
++ case '\\':
++ case ']':
++ case '^':
++ case '`':
++ case '{':
++ case '|':
++ case '}':
++ case '~':
++ /* backslash special characters */
++ *p++ = '\\';
++ *p++ = ch;
++ break;
++ default:
++ *p++ = ch;
++ }
++ }
++
++ /* terminate string */
++ *p = '\0';
++
++ return dest;
++}
++
++char *
++escape_pw (char *dest, const char *str)
++{
++ /* backslash shell special charatcers */
++
++ char ch, *p = dest;
++ size_t len = strlen(str);
++ int i;
++
++ for (i = 0; i < len; i++)
++ {
++ ch = str[i];
++
++ switch (ch)
++ {
++ /* ASCII table order */
++ case '"':
++ case '$':
++ case 0x27: /* single quote */
++ case '\\':
++ case '`':
++ /* backslash special characters */
++ *p++ = '\\';
++ *p++ = ch;
++ break;
++ default:
++ *p++ = ch;
++ }
++ }
++
++ /* terminate string */
++ *p = '\0';
++
++ return dest;
++}
++
+ int REGPARAM
+ check_unzip (const char *pw)
+ {
+ char buff[1024];
++ char path[1024];
++ char escpw[256];
+ int status;
+
+- sprintf (buff, "unzip -qqtP \"%s\" %s " DEVNULL, pw, file_path[0]);
++ escape_pw (escpw, pw);
++ path_for_shell (path, file_path[0]);
++
++ sprintf (buff, "unzip -qqtP \"%s\" %s " DEVNULL, escpw, path);
++
+ status = system (buff);
+
+ #undef REDIR
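Review bot: Neither new escaper takes a destination size, so in check_unzip `escape_pw (escpw, pw)` can write up to 2*strlen(pw)+1 bytes into `escpw[256]`, `path_for_shell` can do the same into `path[1024]`, and the unchecked `sprintf` can then overrun `buff[1024]`; the quoting fix therefore leaves a stack overflow reachable from a long candidate password or archive path. The fence below rejects inputs that cannot fit and switches to a length-checked `snprintf`; the early-return value is a guess, because the rest of check_unzip lies outside the hunk. Separately, `escape_pw` backslashes `'` although the password is placed inside double quotes, where POSIX sh keeps that backslash literally, so a password containing a single quote would be tested in altered form; dropping `case 0x27` from `escape_pw` looks right. `path_for_shell` also passes tab and newline through unescaped, and the more durable fix is to replace `system()` with fork/exec and an argv array so that no shell quoting is needed at all.

```c
check_unzip (const char *pw)
{
  /* … unchanged: buff, path, escpw, status declarations … */
  int n;

  /* each escaper may emit two bytes per input byte, plus the NUL */
  if (strlen (pw) > (sizeof escpw - 1) / 2
      || strlen (file_path[0]) > (sizeof path - 1) / 2)
    return 0; /* cannot verify; confirm this value against the rest of check_unzip */

  /* … unchanged: escape_pw and path_for_shell calls … */

  n = snprintf (buff, sizeof buff, "unzip -qqtP \"%s\" %s " DEVNULL, escpw, path);
  if (n < 0 || (size_t) n >= sizeof buff)
    return 0;

  status = system (buff);
```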