From 8763fb2f27d9b163b8981a8317a6cc6c890d5999 Mon Sep 17 00:00:00 2001
From: Thomas Zander <riggs@FreeBSD.org>
Date: Wed, 1 May 2024 21:52:46 +0200
Subject: korean/hcode: Fix buffer overflow in mail.c

Reported by:	Wolfgang Frisch <wfrisch@suse.de>
MFH:		2024Q2
Security:	CVE-2024-34020

(cherry picked from commit 483d9e29e0569128d7f88e08c295c1f3dbeabf01)
---
 korean/hcode/Makefile           |  2 +-
 korean/hcode/files/patch-mail.c | 34 ++++++++++++++++++++++------------
 2 files changed, 23 insertions(+), 13 deletions(-)

diff --git a/korean/hcode/Makefile b/korean/hcode/Makefile
index c881a07a90ee..d268b08c41c6 100644
--- a/korean/hcode/Makefile
+++ b/korean/hcode/Makefile
@@ -1,6 +1,6 @@
 PORTNAME=	hcode
 PORTVERSION=	2.1.3
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	korean
 MASTER_SITES=	http://ftp.kaist.ac.kr/hangul/incoming/ \
 		ftp://ftp.kaist.ac.kr/hangul/incoming/ \
diff --git a/korean/hcode/files/patch-mail.c b/korean/hcode/files/patch-mail.c
index 9c9f5136dff3..57bc6ab2837e 100644
--- a/korean/hcode/files/patch-mail.c
+++ b/korean/hcode/files/patch-mail.c
@@ -1,15 +1,16 @@
---- mail.c.orig	1998-03-11 05:02:22.000000000 -0500
-+++ mail.c	2013-06-12 20:06:21.000000000 -0400
-@@ -1,4 +1,8 @@
+--- mail.c.orig	1998-03-11 10:02:22 UTC
++++ mail.c
+@@ -1,5 +1,9 @@
 +#include <ctype.h>
  #include <stdio.h>
 +#include <string.h>
-+
-+static int	ks2iso(unsigned char *, FILE *);
  
++static int	ks2iso(unsigned char *, FILE *);
++
  /* ------------------------------------------------------
      Search for Starting Mark and print out (ENGLISH) prologue
-@@ -66,9 +70,8 @@
+     mark : Starting Code
+@@ -66,9 +70,8 @@ FILE *fpin, *fpout;
  #define SI '\017'
  #define SO '\016'
  
@@ -21,7 +22,7 @@
  {
      int mode=ASCII;
      int i=0;
-@@ -172,8 +175,8 @@
+@@ -172,8 +175,8 @@ void (*prwc)();
          if (fgets((char *) ibuf,HDR_BUF_LEN,fpin) == NULL)  /* no message body  */ 
             return(1);                       /* header only (6/8/96)  */
  
@@ -32,7 +33,7 @@
               header_switch(iptr,fpout);
               continue;
          }
-@@ -186,7 +189,7 @@
+@@ -186,7 +189,7 @@ void (*prwc)();
              while ( charset[++i]  != NULL ) {
  
                  sprintf(encode_prefix,"=?%s?B?",charset[i]);
@@ -41,7 +42,7 @@
                  strlen(encode_prefix)) ) {
                      isbqheader=
                      bqheader_decode(&iptr,encode_prefix,Bencode, 
-@@ -195,7 +198,7 @@
+@@ -195,7 +198,7 @@ void (*prwc)();
                  }
  
                  sprintf(encode_prefix,"=?%s?Q?",charset[i]);
@@ -50,7 +51,16 @@
                  strlen(encode_prefix)) ) {
                      isbqheader=
                      bqheader_decode(&iptr,encode_prefix,Qencode, 
-@@ -250,15 +253,15 @@
+@@ -238,7 +241,7 @@ int outCode;
+     unsigned char ibuf[HDR_BUF_LEN],obuf[HDR_BUF_LEN],tbuf[HDR_BUF_LEN];
+     unsigned char *iptr, *tptr;
+ 
+-    if ( cp >= HDR_BUF_LEN ) {
++    if ( cp >= (HDR_BUF_LEN-8) ) {
+         pr2m(Printwc,fpout,outCode);
+         return;
+     }
+@@ -250,15 +253,15 @@ int outCode;
              return;
          }
          ibuf[cp++] = '\n';
@@ -69,7 +79,7 @@
                  string_to_base64(obuf, tbuf);
                  fprintf(fpout,"=?EUC-KR?B?%s?=",obuf);
              }
-@@ -342,12 +345,12 @@
+@@ -342,12 +345,12 @@ void (*prwc)();
     only checks if there's any whitespace or '?'.
  */
     
@@ -85,7 +95,7 @@
          iptr+=2;
          if (  encoding == Bencode) 
              base64_to_string(obuf, tbuf);
-@@ -495,7 +498,7 @@
+@@ -495,7 +498,7 @@ void header_switch(iptr,fpout)
  /* void header_switch(iptr0,fpout,name_len) */
  void header_switch(iptr,fpout)
  /* unsigned char **iptr0; */
-- 
cgit v1.2.3