diff options
author | simon <simon@FreeBSD.org> | 2004-10-13 10:17:01 +0000 |
---|---|---|
committer | simon <simon@FreeBSD.org> | 2004-10-13 10:17:01 +0000 |
commit | 05bfbd9228fb1bea3bacae5827be4f787505c0aa (patch) | |
tree | 3eb59d16f647f052450c2433a3ef6a49dc87debc | |
parent | bcd6fbbe7774bf2371c2bb0480691e969462713b (diff) | |
download | FreeBSD-ports-05bfbd9228fb1bea3bacae5827be4f787505c0aa.zip FreeBSD-ports-05bfbd9228fb1bea3bacae5827be4f787505c0aa.tar.gz |
Security update to sharutils:
- Fix two buffer overflows. [1]
- Fix format string handling problems with command line parsing
shar -o. [2]
Obtained from: Gentoo [1] [2]
Patch by: Michael Schröder [2]
VuXML: 26c9e8c6-1c99-11d9-814e-0001020eed82 [1]
Approved by: erwin
-rw-r--r-- | archivers/sharutils/Makefile | 2 | ||||
-rw-r--r-- | archivers/sharutils/files/patch-buffer-check | 98 | ||||
-rw-r--r-- | archivers/sharutils/files/patch-buffer-limits | 59 |
3 files changed, 158 insertions, 1 deletions
diff --git a/archivers/sharutils/Makefile b/archivers/sharutils/Makefile index ebdf3b6..8a73bca 100644 --- a/archivers/sharutils/Makefile +++ b/archivers/sharutils/Makefile @@ -7,7 +7,7 @@ PORTNAME= sharutils PORTVERSION= 4.2.1 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= archivers MASTER_SITES= ${MASTER_SITE_GNU} MASTER_SITE_SUBDIR= sharutils diff --git a/archivers/sharutils/files/patch-buffer-check b/archivers/sharutils/files/patch-buffer-check new file mode 100644 index 0000000..46cf35e --- /dev/null +++ b/archivers/sharutils/files/patch-buffer-check @@ -0,0 +1,98 @@ +Index: src/shar.c +=================================================================== +RCS file: /home/ke/cvsroot/sharutils/src/shar.c,v +retrieving revision 1.22 +diff -u -r1.22 shar.c +--- src/shar.c 2 Dec 2002 20:52:10 -0000 1.22 ++++ src/shar.c 15 May 2004 09:13:16 -0000 +@@ -255,11 +255,11 @@ + /* Position for first file in the shar file. */ + static off_t first_file_position; + +-/* Base for output filename. FIXME: No fix limit in GNU... */ +-static char output_base_name[50]; ++/* Base for output filename. */ ++static char *output_base_name; + +-/* Actual output filename. FIXME: No fix limit in GNU... */ +-static char output_filename[50]; ++/* Actual output filename. */ ++static char *output_filename; + + static char *submitter_address = NULL; + +@@ -1727,7 +1727,12 @@ + static void + open_output () + { +- sprintf (output_filename, output_base_name, ++part_number); ++ size_t l; ++ l = strlen(output_base_name) + 128; ++ if (output_filename) ++ free(output_filename); ++ output_filename = xmalloc(l); ++ snprintf(output_filename, l, output_base_name, ++part_number); + output = fopen (output_filename, "w"); + if (!output) + error (EXIT_FAILURE, errno, _("Opening `%s'"), output_filename); +@@ -1907,6 +1912,42 @@ + file_size_limit = lim; + } + ++ ++char *parse_output_base_name(char *arg) ++{ ++ int c; ++ int hadarg = 0; ++ char *fmt, *p; ++ ++ for (p = arg ; (c = *p++) != 0; ) ++ { ++ if (c != '%') ++ continue; ++ c = *p++; ++ if (c == '%') ++ continue; ++ if (hadarg) ++ return 0; ++ while (c != 0 && strchr("#0+- 'I", c) != 0) ++ c = *p++; ++ while (c != 0 && c >= '0' && c <= '9') ++ c = *p++; ++ if (c == '.') ++ c = *p++; ++ while (c != 0 && c >= '0' && c <= '9') ++ c = *p++; ++ if (c == 0 || strchr("diouxX", c) == 0) ++ return 0; ++ hadarg = 1; ++ } ++ fmt = xmalloc(strlen(arg) + (hadarg ? 1 : 6)); ++ strcpy(fmt, arg); ++ if (!hadarg) ++ strcat(fmt, ".%02d"); ++ return fmt; ++} ++ ++ + /*---. + | ? | + `---*/ +@@ -2047,9 +2088,14 @@ + break; + + case 'o': +- strcpy (output_base_name, optarg); +- if (!strchr (output_base_name, '%')) +- strcat (output_base_name, ".%02d"); ++ if (output_base_name) ++ free (output_base_name); ++ output_base_name = parse_output_base_name(optarg); ++ if (!output_base_name) ++ { ++ fprintf (stderr, _("illegal output prefix\n")); ++ exit (EXIT_FAILURE); ++ } + part_number = 0; + open_output (); + break; diff --git a/archivers/sharutils/files/patch-buffer-limits b/archivers/sharutils/files/patch-buffer-limits new file mode 100644 index 0000000..bbcb8b5 --- /dev/null +++ b/archivers/sharutils/files/patch-buffer-limits @@ -0,0 +1,59 @@ +--- src/shar.c.orig 1999-09-10 21:20:41.000000000 +0200 ++++ src/shar.c 2004-09-29 15:09:40.790061000 +0200 +@@ -1571,7 +1571,7 @@ + sprintf (command, "%s '%s'", CHARACTER_COUNT_COMMAND, local_name); + if (pfp = popen (command, "r"), pfp) + { +- char wc[BUFSIZ]; ++ char wc[BUFSIZ], tempform[50]; + const char *prefix = ""; + + if (did_md5) +@@ -1579,8 +1579,8 @@ + fputs (" else\n", output); + prefix = " "; + } +- +- fscanf (pfp, "%s", wc); ++ sprintf (tempform, "%%%ds", BUFSIZ - 1); ++ fscanf (pfp, tempform, wc); + fprintf (output, "\ + %s shar_count=\"`%s '%s'`\"\n\ + %s test %s -eq \"$shar_count\" ||\n\ +diff -Naur ./sharutils-4.2.1/src/unshar.c ./sharutils-4.2.1_new/src/unshar.c +--- src/unshar.c.orig 1995-11-21 17:22:14.000000000 +0100 ++++ src/unshar.c 2004-09-29 15:09:44.682469264 +0200 +@@ -346,8 +346,8 @@ + { + size_t size_read; + FILE *file; +- char name_buffer[NAME_BUFFER_SIZE]; +- char copy_buffer[NAME_BUFFER_SIZE]; ++ char name_buffer[NAME_BUFFER_SIZE] = {'\0'}; ++ char copy_buffer[NAME_BUFFER_SIZE] = {'\0'}; + int optchar; + + program_name = argv[0]; +@@ -409,14 +409,14 @@ + if (optind < argc) + for (; optind < argc; optind++) + { +- if (argv[optind][0] == '/') +- stpcpy (name_buffer, argv[optind]); +- else +- { +- char *cp = stpcpy (name_buffer, current_directory); +- *cp++ = '/'; +- stpcpy (cp, argv[optind]); +- } ++ if (argv[optind][0] == '/') { ++ strncpy (name_buffer, argv[optind], sizeof(name_buffer)); ++ name_buffer[sizeof(name_buffer)-1] = '\0'; ++ } ++ else { ++ snprintf(name_buffer, sizeof(name_buffer),"%s/%s", current_directory, argv[optind]); ++ name_buffer[sizeof(name_buffer)-1] = '\0'; ++ } + if (file = fopen (name_buffer, "r"), !file) + error (EXIT_FAILURE, errno, name_buffer); + unarchive_shar_file (name_buffer, file); |