author | kris <kris@FreeBSD.org> | 2001-03-11 07:21:52 +0000 |
---|---|---|
committer | kris <kris@FreeBSD.org> | 2001-03-11 07:21:52 +0000 |
commit | eb7a96729e3c6a5f1c5456fc8bb48d98a5d41564 (patch) | |
tree | f3b6ceb6db7b45570bb24c7f421ebab283c55198 /audio/icecast2/files | |
parent | 1e12aa05eaaa4ef6e6046828b112ee505df10b75 (diff) | |
download | FreeBSD-ports-eb7a96729e3c6a5f1c5456fc8bb48d98a5d41564.zip FreeBSD-ports-eb7a96729e3c6a5f1c5456fc8bb48d98a5d41564.tar.gz |
Fix most of the format string abuses, including those which are known to
cause security vulnerabilities. Not fixed are a number of more subtle
cases which may or may not allow security violations (I don't have time
to conduct a thorough audit now), and which are difficult/impossible to
fix anyway without something like fmtcheck(). Document this in
pkg-install and remove FORBIDDEN tag.
Diffstat (limited to 'audio/icecast2/files')
-rw-r--r-- | audio/icecast2/files/patch-aa | 67 |
1 files changed, 67 insertions, 0 deletions
diff --git a/audio/icecast2/files/patch-aa b/audio/icecast2/files/patch-aa
new file mode 100644
index 0000000..bd3c746
--- /dev/null
+++ b/audio/icecast2/files/patch-aa
@@ -0,0 +1,67 @@
+--- src/http.c.orig Wed Jul 5 10:41:27 2000
++++ src/http.c Sat Mar 10 23:03:45 2001
+@@ -710,7 +710,7 @@
+ if (fd < 0)
+ sock_write (clicon->sock, "%s", out);
+ else
+- fd_write (fd, out);
++ fd_write (fd, "%s", out);
+
+ return 1;
+ } else {
+--- src/utility.c.orig Wed Jul 5 12:52:40 2000
++++ src/utility.c Sat Mar 10 23:01:37 2001
+@@ -162,7 +162,7 @@
+
+ if (!param) {
+ fd_write (info.statsfile,
+- buf);
++ "%s", buf);
+ flags2string (admin, NULL);
+ fd_write (info.statsfile, "\n");
+ } else {
+@@ -198,7 +198,7 @@
+ nice_time (get_time () - con->connect_time, timebuf), type);
+
+ if (!param)
+- fd_write (info.statsfile, buf);
++ fd_write (info.statsfile, "%s", buf);
+ else
+ sock_write (*sock, "%s", buf);
+ }
+@@ -223,7 +223,7 @@
+ source->num_clients);
+
+ if (!param)
+- fd_write (info.statsfile, buf);
++ fd_write (info.statsfile, "%s", buf);
+ else
+ sock_write (*sock, "%s", buf);
+ }
+@@ -257,7 +257,7 @@
+ }
+
+ if (!param)
+- fd_write (info.statsfile, buf);
++ fd_write (info.statsfile, "%s", buf);
+ else
+ sock_write (*sock, "%s", buf);
+
+@@ -267,7 +267,7 @@
+ source->audiocast.mount, source->audiocast.description, source->audiocast.public);
+
+ if (!param)
+- fd_write (info.statsfile, buf);
++ fd_write (info.statsfile, "%s", buf);
+ else
+ sock_write (*sock, "%s", buf);
+
+@@ -330,7 +330,7 @@
+ get_user_agent (con), client->type == listener_e ? "listener" : "relay");
+
+ if (!param)
+- fd_write(info.statsfile, buf);
++ fd_write(info.statsfile, "%s", buf);
+ else
+ sock_write (*sock, "%s", buf);
+ }  |
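Review bot: The `fd_write` call sites in src/http.c and src/utility.c are each converted by hand to `fd_write (..., "%s", buf)`, but nothing in the patch keeps the next non-literal format argument from being reintroduced, and the commit message says other cases remain unaudited. The fix implies that fd_write and sock_write take a printf-style format as their second argument (their declarations are outside this patch), so annotating those prototypes with `__attribute__((format(printf, 2, 3)))` and building with `-Wformat -Wformat-security` would make the compiler report the call sites that were missed. Every inner hunk shows only a fragment of its enclosing function, so it cannot be confirmed from here which of the `buf` and `out` strings carry client-supplied data; a short comment at the fd_write prototype stating that the format argument must be a literal would record the rule for later changes.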