Fix query buffer overflow

6 files changed, 36 insertions, 14 deletions

diff --git a/www/mnogosearch/Makefile b/www/mnogosearch/Makefile
index 7bb9ba7..298d4f2 100644
--- a/www/mnogosearch/Makefile
+++ b/www/mnogosearch/Makefile
@@ -7,18 +7,18 @@
 
 PORTNAME=	mnogosearch
 PORTVERSION=    3.1.19
-PORTREVISION=   1
+PORTREVISION=   2
 CATEGORIES=	www databases
-MASTER_SITES=	http://search.mnogo.ru/Download/
+MASTER_SITES=   http://www.mnogosearch.org/Download/
 
 MAINTAINER=	ache@FreeBSD.org
 
 MAN1=		indexer.1
 MAN5=		indexer.conf.5
 
+USE_LIBTOOL=    yes
 INSTALLS_SHLIB= yes
 USE_GMAKE=	yes
-GNU_CONFIGURE=	yes
 CONFIGURE_ARGS= --enable-phrase \
 		--enable-shared \
 		--enable-freebsd-pthreads \
diff --git a/www/mnogosearch/files/patch-ac b/www/mnogosearch/files/patch-ac
index 1fbce5b..673785c 100644
--- a/www/mnogosearch/files/patch-ac
+++ b/www/mnogosearch/files/patch-ac
@@ -1,6 +1,6 @@
---- src/search.c.bak	Tue May 15 13:08:14 2001
-+++ src/search.c	Fri May 18 16:22:44 2001
-@@ -1239,7 +1239,7 @@
+--- src/search.c.orig	Tue Jun 26 12:55:17 2001
++++ src/search.c	Wed May 15 11:29:07 2002
+@@ -1246,7 +1246,7 @@
  int i;
  time_t tclock;
  	tclock=time(0);
@@ -9,3 +9,14 @@
  	for(i=0;i<MAXRANDOM;i++)
  		Randoms[i]=0;
  }
+@@ -1404,6 +1404,10 @@
+ 		if(!UDM_STRNCMP(token,"q=")){
+ 			char str[UDMSTRSIZ]="";
+ 			query_words=strdup(UdmUnescapeCGIQuery(str,token+2));
++			if (strlen(query_words) > 512) {
++				printf("<html><body>Query string too long!</body></html>\n");
++				return(0);
++			}
+ 			query_url_escaped=strdup(UdmEscapeURL(str,query_words));
+ 			query_form_escaped=UdmHtmlSpecialChars(query_words);
+ 		}else
diff --git a/www/mnogosearch/pkg-descr b/www/mnogosearch/pkg-descr
index 66b00be..a8a7228 100644
--- a/www/mnogosearch/pkg-descr
+++ b/www/mnogosearch/pkg-descr
@@ -4,4 +4,4 @@ engines such as cooking recipies or searching newspaper articles.
 
 Provides pre-built web search frontends in C (via CGI) and PHP.
 
-WWW: http://search.mnoGo.ru/
+WWW: http://www.mnogosearch.org/
diff --git a/www/mnogosearch31/Makefile b/www/mnogosearch31/Makefile
index 7bb9ba7..298d4f2 100644
--- a/www/mnogosearch31/Makefile
+++ b/www/mnogosearch31/Makefile
@@ -7,18 +7,18 @@
 
 PORTNAME=	mnogosearch
 PORTVERSION=    3.1.19
-PORTREVISION=   1
+PORTREVISION=   2
 CATEGORIES=	www databases
-MASTER_SITES=	http://search.mnogo.ru/Download/
+MASTER_SITES=   http://www.mnogosearch.org/Download/
 
 MAINTAINER=	ache@FreeBSD.org
 
 MAN1=		indexer.1
 MAN5=		indexer.conf.5
 
+USE_LIBTOOL=    yes
 INSTALLS_SHLIB= yes
 USE_GMAKE=	yes
-GNU_CONFIGURE=	yes
 CONFIGURE_ARGS= --enable-phrase \
 		--enable-shared \
 		--enable-freebsd-pthreads \
diff --git a/www/mnogosearch31/files/patch-ac b/www/mnogosearch31/files/patch-ac
index 1fbce5b..673785c 100644
--- a/www/mnogosearch31/files/patch-ac
+++ b/www/mnogosearch31/files/patch-ac
@@ -1,6 +1,6 @@
---- src/search.c.bak	Tue May 15 13:08:14 2001
-+++ src/search.c	Fri May 18 16:22:44 2001
-@@ -1239,7 +1239,7 @@
+--- src/search.c.orig	Tue Jun 26 12:55:17 2001
++++ src/search.c	Wed May 15 11:29:07 2002
+@@ -1246,7 +1246,7 @@
  int i;
  time_t tclock;
  	tclock=time(0);
@@ -9,3 +9,14 @@
  	for(i=0;i<MAXRANDOM;i++)
  		Randoms[i]=0;
  }
+@@ -1404,6 +1404,10 @@
+ 		if(!UDM_STRNCMP(token,"q=")){
+ 			char str[UDMSTRSIZ]="";
+ 			query_words=strdup(UdmUnescapeCGIQuery(str,token+2));
++			if (strlen(query_words) > 512) {
++				printf("<html><body>Query string too long!</body></html>\n");
++				return(0);
++			}
+ 			query_url_escaped=strdup(UdmEscapeURL(str,query_words));
+ 			query_form_escaped=UdmHtmlSpecialChars(query_words);
+ 		}else
diff --git a/www/mnogosearch31/pkg-descr b/www/mnogosearch31/pkg-descr
index 66b00be..a8a7228 100644
--- a/www/mnogosearch31/pkg-descr
+++ b/www/mnogosearch31/pkg-descr
@@ -4,4 +4,4 @@ engines such as cooking recipies or searching newspaper articles.
 
 Provides pre-built web search frontends in C (via CGI) and PHP.
 
-WWW: http://search.mnoGo.ru/
+WWW: http://www.mnogosearch.org/