From 97852d550797f153d62e67632e69f777926702c5 Mon Sep 17 00:00:00 2001
From: dougb <dougb@FreeBSD.org>
Date: Tue, 25 Sep 2001 07:08:47 +0000
Subject: This patch comes from the ht://Dig maintainers, and fixes a possible
 security vulnerability. Quoting from their e-mail announcement:

	There is a security vulnerability in all versions of
	htsearch between 3.1.0b2 and 3.1.5 . . . The hole can
	allow a remote user to pick a file on your system for
	the config file that the UID running the webserver
	can read.

With a default ports install the httpd user should be nobody, which
makes the vulnerability small.
---
 textproc/htdig/files/patch-htsearch_cc | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 textproc/htdig/files/patch-htsearch_cc

(limited to 'textproc/htdig')

diff --git a/textproc/htdig/files/patch-htsearch_cc b/textproc/htdig/files/patch-htsearch_cc
new file mode 100644
index 0000000..5a92dba
--- /dev/null
+++ b/textproc/htdig/files/patch-htsearch_cc
@@ -0,0 +1,24 @@
+--- htsearch/htsearch.cc.Dist	Thu Feb 24 18:29:11 2000
++++ htsearch/htsearch.cc	Mon Sep 24 23:57:28 2001
+@@ -77,9 +77,18 @@
+  	switch (c)
+  	{
+  	    case 'c':
+- 		configFile = optarg;
+-                 override_config=1;
+- 		break;
++	      // The default is obviously to do this securely
++	      // but if people want to shoot themselves in the foot...
++#ifndef ALLOW_INSECURE_CGI_CONFIG
++	      if (!getenv("REQUEST_METHOD"))
++		{
++#endif
++		  configFile = optarg;
++		  override_config=1;
++#ifndef ALLOW_INSECURE_CGI_CONFIG
++		}
++#endif
++	      break;
+  	    case 'v':
+  		debug++;
+  		break;
-- 
cgit v1.1