summaryrefslogtreecommitdiffstats
path: root/www/neon29/files
diff options
context:
space:
mode:
authornectar <nectar@FreeBSD.org>2004-05-19 20:22:03 +0000
committernectar <nectar@FreeBSD.org>2004-05-19 20:22:03 +0000
commit8115b3a5cb97f46f0d4fdb87d47d06a75a0f763b (patch)
treed5c62add9c1683ee9b77d04a9043a8c7e2e9b5c6 /www/neon29/files
parent232a5bdcfe8f94f45b21919e8faea9b02313127d (diff)
downloadFreeBSD-ports-8115b3a5cb97f46f0d4fdb87d47d06a75a0f763b.zip
FreeBSD-ports-8115b3a5cb97f46f0d4fdb87d47d06a75a0f763b.tar.gz
Correct an exploitable vulnerability in neon's date parsing.
http://vuxml.freebsd.org/8d075001-a9ce-11d8-9c6d-0020ed76ef5a.html The patch was supplied by Joe Orton.
Diffstat (limited to 'www/neon29/files')
-rw-r--r--www/neon29/files/patch-ne_dates.c43
1 files changed, 43 insertions, 0 deletions
diff --git a/www/neon29/files/patch-ne_dates.c b/www/neon29/files/patch-ne_dates.c
new file mode 100644
index 0000000..2a1ba4a
--- /dev/null
+++ b/www/neon29/files/patch-ne_dates.c
@@ -0,0 +1,43 @@
+Index: src/ne_dates.c
+===================================================================
+RCS file: /home/cvs/neon/src/ne_dates.c,v
+retrieving revision 1.28.2.1
+diff -u -r1.28.2.1 ne_dates.c
+--- src/ne_dates.c 2 May 2004 16:00:35 -0000 1.28.2.1
++++ src/ne_dates.c 2 May 2004 18:21:53 -0000
+@@ -47,7 +47,7 @@
+ /* RFC1123: Sun, 06 Nov 1994 08:49:37 GMT */
+ #define RFC1123_FORMAT "%3s, %02d %3s %4d %02d:%02d:%02d GMT"
+ /* RFC850: Sunday, 06-Nov-94 08:49:37 GMT */
+-#define RFC1036_FORMAT "%s %2d-%3s-%2d %2d:%2d:%2d GMT"
++#define RFC1036_FORMAT "%10s %2d-%3s-%2d %2d:%2d:%2d GMT"
+ /* asctime: Wed Jun 30 21:49:08 1993 */
+ #define ASCTIME_FORMAT "%3s %3s %2d %2d:%2d:%2d %4d"
+
+@@ -133,7 +133,7 @@
+ time_t ne_rfc1123_parse(const char *date)
+ {
+ struct tm gmt = {0};
+- static char wkday[4], mon[4];
++ char wkday[4], mon[4];
+ int n;
+ /* it goes: Sun, 06 Nov 1994 08:49:37 GMT */
+ n = sscanf(date, RFC1123_FORMAT,
+@@ -156,7 +156,7 @@
+ {
+ struct tm gmt = {0};
+ int n;
+- static char wkday[10], mon[4];
++ char wkday[11], mon[4];
+ /* RFC850/1036 style dates: Sunday, 06-Nov-94 08:49:37 GMT */
+ n = sscanf(date, RFC1036_FORMAT,
+ wkday, &gmt.tm_mday, mon, &gmt.tm_year,
+@@ -189,7 +189,7 @@
+ {
+ struct tm gmt = {0};
+ int n;
+- static char wkday[4], mon[4];
++ char wkday[4], mon[4];
+ n = sscanf(date, ASCTIME_FORMAT,
+ wkday, mon, &gmt.tm_mday,
+ &gmt.tm_hour, &gmt.tm_min, &gmt.tm_sec,
OpenPOWER on IntegriCloud