diff options
| author | Thomas Zander <riggs@FreeBSD.org> | 2024-05-01 19:52:46 +0000 |
|---|---|---|
| committer | Thomas Zander <riggs@FreeBSD.org> | 2024-05-01 19:55:30 +0000 |
| commit | 8763fb2f27d9b163b8981a8317a6cc6c890d5999 (patch) | |
| tree | 4142162da87e128ee74a886fcc28c6fa2e1ad536 | |
| parent | 642ed2197883ceb5900a65f829006ad11f416e88 (diff) | |
| download | ports-8763fb2f27d9b163b8981a8317a6cc6c890d5999.tar.gz ports-8763fb2f27d9b163b8981a8317a6cc6c890d5999.zip | |
korean/hcode: Fix buffer overflow in mail.c
Reported by: Wolfgang Frisch <wfrisch@suse.de>
MFH: 2024Q2
Security: CVE-2024-34020
(cherry picked from commit 483d9e29e0569128d7f88e08c295c1f3dbeabf01)
| -rw-r--r-- | korean/hcode/Makefile | 2 | ||||
| -rw-r--r-- | korean/hcode/files/patch-mail.c | 34 |
2 files changed, 23 insertions, 13 deletions
diff --git a/korean/hcode/Makefile b/korean/hcode/Makefile index c881a07a90ee..d268b08c41c6 100644 --- a/korean/hcode/Makefile +++ b/korean/hcode/Makefile @@ -1,6 +1,6 @@ PORTNAME= hcode PORTVERSION= 2.1.3 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= korean MASTER_SITES= http://ftp.kaist.ac.kr/hangul/incoming/ \ ftp://ftp.kaist.ac.kr/hangul/incoming/ \ diff --git a/korean/hcode/files/patch-mail.c b/korean/hcode/files/patch-mail.c index 9c9f5136dff3..57bc6ab2837e 100644 --- a/korean/hcode/files/patch-mail.c +++ b/korean/hcode/files/patch-mail.c @@ -1,15 +1,16 @@ ---- mail.c.orig 1998-03-11 05:02:22.000000000 -0500 -+++ mail.c 2013-06-12 20:06:21.000000000 -0400 -@@ -1,4 +1,8 @@ +--- mail.c.orig 1998-03-11 10:02:22 UTC ++++ mail.c +@@ -1,5 +1,9 @@ +#include <ctype.h> #include <stdio.h> +#include <string.h> -+ -+static int ks2iso(unsigned char *, FILE *); ++static int ks2iso(unsigned char *, FILE *); ++ /* ------------------------------------------------------ Search for Starting Mark and print out (ENGLISH) prologue -@@ -66,9 +70,8 @@ + mark : Starting Code +@@ -66,9 +70,8 @@ FILE *fpin, *fpout; #define SI '\017' #define SO '\016' @@ -21,7 +22,7 @@ { int mode=ASCII; int i=0; -@@ -172,8 +175,8 @@ +@@ -172,8 +175,8 @@ void (*prwc)(); if (fgets((char *) ibuf,HDR_BUF_LEN,fpin) == NULL) /* no message body */ return(1); /* header only (6/8/96) */ @@ -32,7 +33,7 @@ header_switch(iptr,fpout); continue; } -@@ -186,7 +189,7 @@ +@@ -186,7 +189,7 @@ void (*prwc)(); while ( charset[++i] != NULL ) { sprintf(encode_prefix,"=?%s?B?",charset[i]); @@ -41,7 +42,7 @@ strlen(encode_prefix)) ) { isbqheader= bqheader_decode(&iptr,encode_prefix,Bencode, -@@ -195,7 +198,7 @@ +@@ -195,7 +198,7 @@ void (*prwc)(); } sprintf(encode_prefix,"=?%s?Q?",charset[i]); @@ -50,7 +51,16 @@ strlen(encode_prefix)) ) { isbqheader= bqheader_decode(&iptr,encode_prefix,Qencode, -@@ -250,15 +253,15 @@ +@@ -238,7 +241,7 @@ int outCode; + unsigned char ibuf[HDR_BUF_LEN],obuf[HDR_BUF_LEN],tbuf[HDR_BUF_LEN]; + unsigned char *iptr, *tptr; + +- if ( cp >= HDR_BUF_LEN ) { ++ if ( cp >= (HDR_BUF_LEN-8) ) { + pr2m(Printwc,fpout,outCode); + return; + } +@@ -250,15 +253,15 @@ int outCode; return; } ibuf[cp++] = '\n'; @@ -69,7 +79,7 @@ string_to_base64(obuf, tbuf); fprintf(fpout,"=?EUC-KR?B?%s?=",obuf); } -@@ -342,12 +345,12 @@ +@@ -342,12 +345,12 @@ void (*prwc)(); only checks if there's any whitespace or '?'. */ @@ -85,7 +95,7 @@ iptr+=2; if ( encoding == Bencode) base64_to_string(obuf, tbuf); -@@ -495,7 +498,7 @@ +@@ -495,7 +498,7 @@ void header_switch(iptr,fpout) /* void header_switch(iptr0,fpout,name_len) */ void header_switch(iptr,fpout) /* unsigned char **iptr0; */ |