summaryrefslogtreecommitdiffstats
path: root/archivers/lha
diff options
context:
space:
mode:
authordinoex <dinoex@FreeBSD.org>2004-09-22 06:16:54 +0000
committerdinoex <dinoex@FreeBSD.org>2004-09-22 06:16:54 +0000
commit37782055c3ba00d0df22ca3f0c55011bd5f8b597 (patch)
treedce4dba92857c849a5f0464108ef5fb4fc864bd8 /archivers/lha
parent98ba5f1abddbe98621721b0fabb751081da80688 (diff)
downloadFreeBSD-ports-37782055c3ba00d0df22ca3f0c55011bd5f8b597.zip
FreeBSD-ports-37782055c3ba00d0df22ca3f0c55011bd5f8b597.tar.gz
- Security Fix
possible off by one bounds check Submitted by: Munehiro Matsuda Approved by: portmgr (marcus)
Diffstat (limited to 'archivers/lha')
-rw-r--r--archivers/lha/Makefile2
-rw-r--r--archivers/lha/files/patch-command_buffer2
-rw-r--r--archivers/lha/files/patch-dir_length_bounds_check4
3 files changed, 4 insertions, 4 deletions
diff --git a/archivers/lha/Makefile b/archivers/lha/Makefile
index 5b44cf1..9cad6f2 100644
--- a/archivers/lha/Makefile
+++ b/archivers/lha/Makefile
@@ -7,7 +7,7 @@
PORTNAME= lha
PORTVERSION= 1.14i
-PORTREVISION= 5
+PORTREVISION= 6
CATEGORIES= archivers
MASTER_SITES= http://www2m.biglobe.ne.jp/~dolphin/lha/prog/
DISTNAME= ${PORTNAME}-${PORTVERSION:S/.//}
diff --git a/archivers/lha/files/patch-command_buffer b/archivers/lha/files/patch-command_buffer
index b7ae9a6..5416429 100644
--- a/archivers/lha/files/patch-command_buffer
+++ b/archivers/lha/files/patch-command_buffer
@@ -133,7 +133,7 @@ diff -urNp src/lhext.c.orig lha-114i/src/lhext.c
+ name[255] = 0;
#else
- sprintf(buf, "%s -> %s", bb1, bb2);
-+ sprintf(buf, sizeof(buf), "%s -> %s", bb1, bb2);
++ snprintf(buf, sizeof(buf), "%s -> %s", bb1, bb2);
warning("Can't make Symbolic Link", buf);
return;
#endif
diff --git a/archivers/lha/files/patch-dir_length_bounds_check b/archivers/lha/files/patch-dir_length_bounds_check
index 7a0ae1e..c9eea39 100644
--- a/archivers/lha/files/patch-dir_length_bounds_check
+++ b/archivers/lha/files/patch-dir_length_bounds_check
@@ -4,14 +4,14 @@
}
if (dir_length) {
-+ if ((dir_length + name_length) > sizeof(dirname)) {
++ if ((dir_length + name_length) >= sizeof(dirname)) {
+ fprintf(stderr, "Insufficient buffer size\n");
+ exit(112);
+ }
strcat(dirname, hdr->name);
- strcpy(hdr->name, dirname);
+
-+ if ((dir_length + name_length) > sizeof(hdr->name)) {
++ if ((dir_length + name_length) >= sizeof(hdr->name)) {
+ fprintf(stderr, "Insufficient buffer size\n");
+ exit(112);
+ }
OpenPOWER on IntegriCloud