diff options
author | nectar <nectar@FreeBSD.org> | 2004-04-07 23:17:37 +0800 |
---|---|---|
committer | nectar <nectar@FreeBSD.org> | 2004-04-07 23:17:37 +0800 |
commit | 711d49e4a1b2dca0e20abe144adf1ecc21f2c5f7 (patch) | |
tree | 1fc3b9df4c73afe881be6946ff478186ebc8f16e /net/gaim | |
parent | d1373280ee721e2966fb7b93b763c955c087f363 (diff) | |
download | freebsd-ports-graphics-711d49e4a1b2dca0e20abe144adf1ecc21f2c5f7.tar.gz freebsd-ports-graphics-711d49e4a1b2dca0e20abe144adf1ecc21f2c5f7.tar.zst freebsd-ports-graphics-711d49e4a1b2dca0e20abe144adf1ecc21f2c5f7.zip |
The last commit lost previously applied security fixes. Again.
Re-apply my fix. Again.
Specifically, the GAIM developers have still not addressed the
``Yahoo Octal-Encoding Decoder'' issues.
http://www.vuxml.org/freebsd/6fd02439-5d70-11d8-80e3-0020ed76ef5a.html
http://security.e-matters.de/advisories/012004.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0005
Diffstat (limited to 'net/gaim')
-rw-r--r-- | net/gaim/Makefile | 1 | ||||
-rw-r--r-- | net/gaim/files/patch-src::protocols::yahoo::yahoo.c | 94 |
2 files changed, 95 insertions, 0 deletions
diff --git a/net/gaim/Makefile b/net/gaim/Makefile index b4cd411ba60..080c793c435 100644 --- a/net/gaim/Makefile +++ b/net/gaim/Makefile @@ -6,6 +6,7 @@ PORTNAME= gaim PORTVERSION= 0.76 +PORTREVISION= 1 CATEGORIES?= net MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} MASTER_SITE_SUBDIR= ${PORTNAME} diff --git a/net/gaim/files/patch-src::protocols::yahoo::yahoo.c b/net/gaim/files/patch-src::protocols::yahoo::yahoo.c new file mode 100644 index 00000000000..2fce1cf7f91 --- /dev/null +++ b/net/gaim/files/patch-src::protocols::yahoo::yahoo.c @@ -0,0 +1,94 @@ +*** ./src/protocols/yahoo/yahoo.c.orig Wed Apr 7 09:54:00 2004 +--- src/protocols/yahoo/yahoo.c Wed Apr 7 09:59:43 2004 +*************** +*** 895,924 **** + } + } + + #define OUT_CHARSET "utf-8" + + static char *yahoo_decode(const char *text) + { + char *converted; +! char *n, *new; +! const char *end, *p; +! int i; +! +! n = new = g_malloc(strlen (text) + 1); +! end = text + strlen(text); + +! for (p = text; p < end; p++, n++) { + if (*p == '\\') { +! sscanf(p + 1, "%3o\n", &i); +! *n = i; +! p += 3; +! } +! else +! *n = *p; + } +- + *n = '\0'; +- + converted = g_convert(new, n - new, OUT_CHARSET, "iso-8859-1", NULL, NULL, NULL); + g_free(new); + +--- 895,953 ---- + } + } + ++ ++ static void octal(const char **p, const char *end, unsigned char *n) ++ { ++ int i, c; ++ ++ for (i = 0, c = 0; i < 3 && *p < end; ++i, ++*p) { ++ c <<= 3; ++ switch (**p) { ++ case '0': break; ++ case '1': c += 1; break; ++ case '2': c += 2; break; ++ case '3': c += 3; break; ++ case '4': c += 4; break; ++ case '5': c += 5; break; ++ case '6': c += 6; break; ++ case '7': c += 7; break; ++ default: ++ if (i == 0) { ++ *n = **p; ++ ++*p; ++ return; ++ } ++ c >>= 3; ++ goto done; ++ } ++ } ++ done: ++ *n = (c > UCHAR_MAX) ? '?' : c; ++ return; ++ } ++ + #define OUT_CHARSET "utf-8" + + static char *yahoo_decode(const char *text) + { + char *converted; +! unsigned char *n, *new; +! size_t len; +! const char *p, *end; + +! len = strlen (text); +! p = text; +! end = &text[len]; +! n = new = g_malloc(len + 1); +! while (p < end) { + if (*p == '\\') { +! ++p; +! octal(&p, end, n); +! } else +! *n = *p++; +! ++n; + } + *n = '\0'; + converted = g_convert(new, n - new, OUT_CHARSET, "iso-8859-1", NULL, NULL, NULL); + g_free(new); + |