author | dinoex <dinoex@FreeBSD.org> | 2004-09-22 06:16:54 +0000 |
---|---|---|
committer | dinoex <dinoex@FreeBSD.org> | 2004-09-22 06:16:54 +0000 |
commit | 37782055c3ba00d0df22ca3f0c55011bd5f8b597 (patch) | |
tree | dce4dba92857c849a5f0464108ef5fb4fc864bd8 /archivers/lha | |
parent | 98ba5f1abddbe98621721b0fabb751081da80688 (diff) | |
- Security Fix
possible off by one bounds check
Submitted by: Munehiro Matsuda
Approved by: portmgr (marcus)
Diffstat (limited to 'archivers/lha')
-rw-r--r-- | archivers/lha/Makefile | 2 | ||||
-rw-r--r-- | archivers/lha/files/patch-command_buffer | 2 | ||||
-rw-r--r-- | archivers/lha/files/patch-dir_length_bounds_check | 4 |
3 files changed, 4 insertions, 4 deletions
diff --git a/archivers/lha/Makefile b/archivers/lha/Makefile index 5b44cf1..9cad6f2 100644 --- a/archivers/lha/Makefile +++ b/archivers/lha/Makefile @@ -7,7 +7,7 @@ PORTNAME= lha PORTVERSION= 1.14i -PORTREVISION= 5 +PORTREVISION= 6 CATEGORIES= archivers MASTER_SITES= http://www2m.biglobe.ne.jp/~dolphin/lha/prog/ DISTNAME= ${PORTNAME}-${PORTVERSION:S/.//} diff --git a/archivers/lha/files/patch-command_buffer b/archivers/lha/files/patch-command_buffer index b7ae9a6..5416429 100644 --- a/archivers/lha/files/patch-command_buffer +++ b/archivers/lha/files/patch-command_buffer @@ -133,7 +133,7 @@ diff -urNp src/lhext.c.orig lha-114i/src/lhext.c + name[255] = 0; #else - sprintf(buf, "%s -> %s", bb1, bb2); -+ sprintf(buf, sizeof(buf), "%s -> %s", bb1, bb2); ++ snprintf(buf, sizeof(buf), "%s -> %s", bb1, bb2); warning("Can't make Symbolic Link", buf); return; #endif diff --git a/archivers/lha/files/patch-dir_length_bounds_check b/archivers/lha/files/patch-dir_length_bounds_check index 7a0ae1e..c9eea39 100644 --- a/archivers/lha/files/patch-dir_length_bounds_check +++ b/archivers/lha/files/patch-dir_length_bounds_check @@ -4,14 +4,14 @@ } if (dir_length) { -+ if ((dir_length + name_length) > sizeof(dirname)) { ++ if ((dir_length + name_length) >= sizeof(dirname)) { + fprintf(stderr, "Insufficient buffer size\n"); + exit(112); + } strcat(dirname, hdr->name); - strcpy(hdr->name, dirname); + -+ if ((dir_length + name_length) > sizeof(hdr->name)) { ++ if ((dir_length + name_length) >= sizeof(hdr->name)) { + fprintf(stderr, "Insufficient buffer size\n"); + exit(112); + } |
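Review bot: Neither corrected comparison in patch-dir_length_bounds_check says why equality has to be rejected, which is the detail the earlier `>` version got wrong; a one-line comment above each check would pin it, e.g. `/* >= : strcat()/strcpy() also write the terminating NUL */`. The first check guards the `strcat(dirname, hdr->name)` visible in the hunk and the second presumably guards a copy back into `hdr->name` that lies past the end of the hunk, so both are only as good as `dir_length` and `name_length` matching the real string lengths. Their declarations are outside the hunk; if they are signed ints, it is worth confirming that a negative length or a wrapped sum cannot pass the comparison against `sizeof`. The enclosing function starts and ends outside the hunk.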