diff options
author | simon <simon@FreeBSD.org> | 2005-04-22 17:58:25 +0000 |
---|---|---|
committer | simon <simon@FreeBSD.org> | 2005-04-22 17:58:25 +0000 |
commit | 40aaae3b1a1d28c6d66879c0715f928ae8d8dbaa (patch) | |
tree | 081bd1bd93ef89017d0a5e44074b9888d47f0e37 /contrib/cvs/src | |
parent | 9911d38fb2ae2c3a2bdafa0e207ad42e63f04ae8 (diff) | |
download | FreeBSD-src-40aaae3b1a1d28c6d66879c0715f928ae8d8dbaa.zip FreeBSD-src-40aaae3b1a1d28c6d66879c0715f928ae8d8dbaa.tar.gz |
Correct multiple security related errors: a buffer overflow, NULL
pointer dereferences, possible use of uninitialized variables, and
memory leaks.
Security: CAN-2005-0753
Security: FreeBSD-SA-05:05.cvs
Approved by: peter
Diffstat (limited to 'contrib/cvs/src')
-rw-r--r-- | contrib/cvs/src/login.c | 2 | ||||
-rw-r--r-- | contrib/cvs/src/patch.c | 9 | ||||
-rw-r--r-- | contrib/cvs/src/rcs.c | 9 |
3 files changed, 12 insertions, 8 deletions
diff --git a/contrib/cvs/src/login.c b/contrib/cvs/src/login.c index 2b8bbea..86705ea 100644 --- a/contrib/cvs/src/login.c +++ b/contrib/cvs/src/login.c @@ -116,7 +116,7 @@ password_entry_parseline (cvsroot_canonical, warn, linenumber, linebuf) if (isspace(*(linebuf + 1))) /* special case since strtoul ignores leading white space */ - entry_version = 0; + q = linebuf + 1; else entry_version = strtoul (linebuf + 1, &q, 10); diff --git a/contrib/cvs/src/patch.c b/contrib/cvs/src/patch.c index cba6a8a..7d99f29 100644 --- a/contrib/cvs/src/patch.c +++ b/contrib/cvs/src/patch.c @@ -10,6 +10,8 @@ * Create a Larry Wall format "patch" file between a previous release and the * current head of a module, or between two releases. Can specify the * release as either a date or a revision number. + * + * $FreeBSD$ */ #include <assert.h> @@ -385,6 +387,7 @@ patch_fileproc (callerdat, finfo) struct utimbuf t; char *vers_tag, *vers_head; char *rcs = NULL; + char *rcs_orig = NULL; RCSNode *rcsfile; FILE *fp1, *fp2, *fp3; int ret = 0; @@ -415,7 +418,7 @@ patch_fileproc (callerdat, finfo) if ((rcsfile->flags & VALID) && (rcsfile->flags & INATTIC)) isattic = 1; - rcs = xmalloc (strlen (finfo->file) + sizeof (RCSEXT) + 5); + rcs_orig = rcs = xmalloc (strlen (finfo->file) + sizeof (RCSEXT) + 5); (void) sprintf (rcs, "%s%s", finfo->file, RCSEXT); /* if vers_head is NULL, may have been removed from the release */ @@ -757,8 +760,8 @@ failed to read diff file header %s for %s: end of file", tmpfile3, rcs); free (vers_tag); if (vers_head != NULL) free (vers_head); - if (rcs != NULL) - free (rcs); + if (rcs_orig) + free (rcs_orig); return ret; } diff --git a/contrib/cvs/src/rcs.c b/contrib/cvs/src/rcs.c index f60d02e..1d3c1fd 100644 --- a/contrib/cvs/src/rcs.c +++ b/contrib/cvs/src/rcs.c @@ -3041,8 +3041,7 @@ RCS_getdate (rcs, date, force_tag_match) if (retval != NULL) return (retval); - if (!force_tag_match || - (vers != NULL && RCS_datecmp (vers->date, date) <= 0)) + if (vers && (!force_tag_match || RCS_datecmp (vers->date, date) <= 0)) return xstrdup (vers->version); else return NULL; @@ -4139,7 +4138,7 @@ RCS_checkout (rcs, workfile, rev, nametag, options, sout, pfn, callerdat) size_t len; int free_value = 0; char *log = NULL; - size_t loglen; + size_t loglen = 0; Node *vp = NULL; #ifdef PRESERVE_PERMISSIONS_SUPPORT uid_t rcs_owner = (uid_t) -1; @@ -7457,7 +7456,7 @@ RCS_deltas (rcs, fp, rcsbuf, version, op, text, len, log, loglen) for (ln = 0; ln < headlines.nlines; ++ln) { - char buf[80]; + char *buf; /* Period which separates year from month in date. */ char *ym; /* Period which separates month from day in date. */ @@ -7468,10 +7467,12 @@ RCS_deltas (rcs, fp, rcsbuf, version, op, text, len, log, loglen) if (prvers == NULL) prvers = vers; + buf = xmalloc (strlen (prvers->version) + 24); sprintf (buf, "%-12s (%-8.8s ", prvers->version, prvers->author); cvs_output (buf, 0); + free (buf); /* Now output the date. */ ym = strchr (prvers->date, '.'); |