author | danfe <danfe@FreeBSD.org> | 2005-02-11 13:33:02 +0000 |
---|---|---|
committer | danfe <danfe@FreeBSD.org> | 2005-02-11 13:33:02 +0000 |
commit | 85ba48d2b92093456664390b94635a9ce0769053 (patch) | |
tree | 34e15b3135f481e086df453ce4238d7f8e248a6f /textproc | |
parent | cd45c291b3fdfacc4e078db16ebe95af7dff1b19 (diff) | |
- Attempt to fix the exploitable security issue described at
http://www.vuxml.org/freebsd/f2d5e56e-67eb-11d9-a9e7-0001020eed82.html by
replacing strcat() with strncat(). Please note that I wasn't able to
reproduce the exploit described at
http://tigger.uic.edu/~jlongs2/holes/unrtf.txt on my 5.3-STABLE system.
Feedback from someone who can reproduce the exploit with an unpatched unrtf
would be appreciated.
- Bump PORTREVISION
- Remove old master site that doesn't seem to have the distfile any more
VuXML: f2d5e56e-67eb-11d9-a9e7-0001020eed82
PR: ports/76852
Submitted by: Stefan Walter <sw(at)gegenunendlich.de>
Diffstat (limited to 'textproc')
-rw-r--r-- | textproc/unrtf/Makefile | 8 | ||||
-rw-r--r-- | textproc/unrtf/files/patch-convert.c | 11 |
2 files changed, 13 insertions, 6 deletions
diff --git a/textproc/unrtf/Makefile b/textproc/unrtf/Makefile index 36fdaed..f663284 100644 --- a/textproc/unrtf/Makefile +++ b/textproc/unrtf/Makefile @@ -6,18 +6,14 @@ PORTNAME= unrtf PORTVERSION= 0.19.3 +PORTREVISION= 1 CATEGORIES= textproc -MASTER_SITES= http://unrtf.50megs.com/ \ - ${MASTER_SITE_GNU} +MASTER_SITES= ${MASTER_SITE_GNU} MASTER_SITE_SUBDIR= ${PORTNAME} MAINTAINER= ports@FreeBSD.org COMMENT= A converter from RTF to several formats, including HTML and LaTeX -FORBIDDEN= http://vuxml.FreeBSD.org/f2d5e56e-67eb-11d9-a9e7-0001020eed82.html -DEPRECATED= ${FORBIDDEN} -EXPIRATION_DATE=2005-02-16 - USE_REINPLACE= yes ALL_TARGET= unrtf diff --git a/textproc/unrtf/files/patch-convert.c b/textproc/unrtf/files/patch-convert.c new file mode 100644 index 0000000..35fa047 --- /dev/null +++ b/textproc/unrtf/files/patch-convert.c @@ -0,0 +1,11 @@ +--- convert.c.orig Sun Jan 30 13:34:16 2005 ++++ convert.c Sun Jan 30 13:35:36 2005 +@@ -341,7 +341,7 @@ + while(w2) { + tmp = word_string (w2); + if (tmp && tmp[0] != '\\') +- strcat(name,tmp); ++ strncat(name,tmp,sizeof(name)-strlen(name)-1); + + w2=w2->next; + } |
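Review bot: In the textproc/unrtf/Makefile hunk, the FORBIDDEN, DEPRECATED and EXPIRATION_DATE lines are dropped in the same commit whose message calls the change an attempt and says the exploit could not be reproduced, so the port becomes installable again on the strength of an unverified fix. Consider keeping `FORBIDDEN=` in place until someone who can reproduce the problem against the unpatched unrtf confirms that PORTREVISION 1 no longer crashes, and only then removing the three lines in a follow-up commit. The MASTER_SITES cleanup is unrelated to the security fix and would be easier to track as its own change.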
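Review bot: In the patch-convert.c hunk, the bound in `strncat(name,tmp,sizeof(name)-strlen(name)-1);` is only correct if `name` is a true char array at this point, and the hunk does not show its declaration. If `name` is a pointer (a parameter or heap buffer), `sizeof(name)` is the pointer size, and once `strlen(name)` reaches that value the unsigned subtraction wraps to a very large count, which leaves the overflow in place. Please confirm the declaration of `name` and state it in the patch description, or pass the buffer size through a named constant instead of `sizeof`. Note also that the loop now silently truncates over-long input; if a truncated name is not acceptable to the caller, detect the condition and stop appending rather than continuing through the remaining `w2` words.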