author | jkoshy <jkoshy@FreeBSD.org> | 2005-10-21 08:15:53 +0000 |
---|---|---|
committer | jkoshy <jkoshy@FreeBSD.org> | 2005-10-21 08:15:53 +0000 |
commit | 6539c601c010cbaa17669663995ce1d806b342ee (patch) | |
tree | 28594816c00ecb1388f210bc0b25cd74bdd8eee4 /graphics/xli | |
parent | 18c252a66f55329e32f77b7c17baaf45596ceb43 (diff) | |
Fix a few potential buffer overflows in this port.
Security: CAN-2005-3178 (for xloadimage)
Prodded by: naddy
Diffstat (limited to 'graphics/xli')
-rw-r--r-- | graphics/xli/Makefile | 2 | ||||
-rw-r--r-- | graphics/xli/files/patch-reduce.c | 11 | ||||
-rw-r--r-- | graphics/xli/files/patch-rotate.c | 23 | ||||
-rw-r--r-- | graphics/xli/files/patch-tga.c | 11 | ||||
-rw-r--r-- | graphics/xli/files/patch-zoom.c | 33 |
5 files changed, 79 insertions, 1 deletions
diff --git a/graphics/xli/Makefile b/graphics/xli/Makefile
index 8b69508..85c9b91 100644
--- a/graphics/xli/Makefile
+++ b/graphics/xli/Makefile
@@ -7,7 +7,7 @@
 
 PORTNAME= xli
 PORTVERSION= 1.17.0
-PORTREVISION= 3
+PORTREVISION= 4
 CATEGORIES= graphics
 MASTER_SITES= http://pantransit.reptiles.org/prog/xli/ \
 ${MASTER_SITE_XCONTRIB}
diff --git a/graphics/xli/files/patch-reduce.c b/graphics/xli/files/patch-reduce.c
new file mode 100644
index 0000000..49a98c4
--- /dev/null
+++ b/graphics/xli/files/patch-reduce.c
@@ -0,0 +1,11 @@
+--- reduce.c.orig Thu Oct 13 04:36:44 2005
++++ reduce.c Thu Oct 13 04:37:02 2005
+@@ -178,7 +178,7 @@
+ /* get destination image */
+ depth = colorsToDepth(OutColors);
+ new_image = newRGBImage(image->width, image->height, depth);
+- sprintf(buf, "%s (%d colors)", image->title, OutColors);
++ snprintf(buf, sizeof(buf), "%s (%d colors)", image->title, OutColors);
+ new_image->title = dupString(buf);
+ new_image->gamma = image->gamma;
+
diff --git a/graphics/xli/files/patch-rotate.c b/graphics/xli/files/patch-rotate.c
new file mode 100644
index 0000000..53d98fe
--- /dev/null
+++ b/graphics/xli/files/patch-rotate.c
@@ -0,0 +1,23 @@
+--- rotate.c.orig Thu Oct 13 04:39:08 2005
++++ rotate.c Thu Oct 13 04:40:11 2005
+@@ -43,7 +43,7 @@
+ int dlinelen; /* Length of destination line */
+ int bit[8]; /* Array of hex values */
+ int x, y;
+- int i, b;
++ int i, b, tlen;
+ int newi, newb;
+ byte **yptr;
+
+@@ -168,8 +168,9 @@
+ freeImage(simage);
+ simage = dimage;
+ }
+- dimage->title = (char *) lmalloc(strlen(iimage->title) + 40);
+- sprintf(dimage->title, "%s (rotated by %d degrees)", iimage->title, rot);
++ tlen = strlen(iimage->title) + 40;
++ dimage->title = (char *) lmalloc(tlen);
++ snprintf(dimage->title, tlen, "%s (rotated by %d degrees)", iimage->title, rot);
+ dimage->gamma = iimage->gamma;
+ if (verbose)
+ printf("done\n");
diff --git a/graphics/xli/files/patch-tga.c b/graphics/xli/files/patch-tga.c
new file mode 100644
index 0000000..d42ddbd
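Review bot: `sizeof(buf)` in the new `snprintf` call in reduce.c bounds the write only if `buf` is declared as an array in this function; the declaration lies outside the hunk and should be confirmed, because with a pointer the limit would be the pointer size. The four calls added in patch-zoom.c rely on the same assumption. A long `image->title` is now cut silently, so a one-line comment above the call, for example `/* title is truncated to fit buf if too long */`, would record that this is intended. The enclosing function starts and ends outside the hunk.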
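Review bot: `tlen` is declared `int` in the first rotate.c hunk but receives `strlen(iimage->title) + 40`, a `size_t` value, and is then used as the allocation size and as the size argument of `snprintf` in the second hunk; declaring it separately as `size_t tlen;` avoids the signed/unsigned conversions. The `40` is an unexplained slack constant: the suffix ` (rotated by %d degrees)` needs at most 34 bytes including the terminator for a 32-bit `int`, so a comment such as `/* 40 covers " (rotated by %d degrees)" plus NUL */` would make the bound checkable. How `lmalloc` behaves on allocation failure is not visible here. Both hunks sit inside a function whose start and end are outside the patch.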
--- /dev/null
+++ b/graphics/xli/files/patch-tga.c
@@ -0,0 +1,11 @@
+--- tga.c.orig Thu Oct 13 04:41:39 2005
++++ tga.c Thu Oct 13 04:42:08 2005
+@@ -116,7 +116,7 @@
+ char colors[40];
+
+ if (hp->ImgType == TGA_Map || hp->ImgType == TGA_RLEMap)
+- sprintf(colors," with %d colors",hp->Length);
++ snprintf(colors,sizeof(colors)," with %d colors",hp->Length);
+ else
+ colors[0] = '\000';
+
diff --git a/graphics/xli/files/patch-zoom.c b/graphics/xli/files/patch-zoom.c
new file mode 100644
index 0000000..2543667
--- /dev/null
+++ b/graphics/xli/files/patch-zoom.c
@@ -0,0 +1,33 @@
+--- zoom.c.orig Thu Oct 13 04:42:36 2005
++++ zoom.c Thu Oct 13 04:43:47 2005
+@@ -52,26 +52,26 @@
+ if (verbose)
+ printf(" Zooming image Y axis by %d%%...", yzoom);
+ if (changetitle)
+- sprintf(buf, "%s (Y zoom %d%%)", oimage->title, yzoom);
++ snprintf(buf, sizeof(buf), "%s (Y zoom %d%%)", oimage->title, yzoom);
+ }
+ else if (!yzoom) {
+ if (verbose)
+ printf(" Zooming image X axis by %d%%...", xzoom);
+ if (changetitle)
+- sprintf(buf, "%s (X zoom %d%%)", oimage->title, xzoom);
++ snprintf(buf, sizeof(buf), "%s (X zoom %d%%)", oimage->title, xzoom);
+ }
+ else if (xzoom == yzoom) {
+ if (verbose)
+ printf(" Zooming image by %d%%...", xzoom);
+ if (changetitle)
+- sprintf(buf, "%s (%d%% zoom)", oimage->title, xzoom);
++ snprintf(buf, sizeof(buf), "%s (%d%% zoom)", oimage->title, xzoom);
+ }
+ else {
+ if (verbose)
+ printf(" Zooming image X axis by %d%% and Y axis by %d%%...",
+ xzoom, yzoom);
+ if (changetitle)
+- sprintf(buf, "%s (X zoom %d%% Y zoom %d%%)", oimage->title,
++ snprintf(buf, sizeof(buf), "%s (X zoom %d%% Y zoom %d%%)", oimage->title,
+ xzoom, yzoom);
+ }
+ if (!changetitle) |