author | Eric Anholt <anholt@FreeBSD.org> | 2003-03-15 04:32:37 +0000 |
---|---|---|
committer | Eric Anholt <anholt@FreeBSD.org> | 2003-03-15 04:32:37 +0000 |
commit | c53a3fe9fd5b2cfc1cc74aa52be8ed1c1f8b14d1 (patch) | |
tree | 49d2672b1efdc28d618d8c58f1296fbab24a6196 | |
parent | 3d8d6945091c79e6bb199c7d5afcb44d01fb71cf (diff) |
Add a fix for a possible buffer overflow in _XlcLocaleDirName(). Privileged
binaries are not vulnerable.
Approved by: portmgr (kris)
Obtained from: XFree86 CVS xf-4_3-branch
Notes
Notes:
svn path=/head/; revision=77129
-rw-r--r-- | x11/XFree86-4-libraries/Makefile | 1 | ||||
-rw-r--r-- | x11/XFree86-4-libraries/files/patch-Xlc-fix | 108 |
2 files changed, 109 insertions, 0 deletions
diff --git a/x11/XFree86-4-libraries/Makefile b/x11/XFree86-4-libraries/Makefile index ff16d20bb0bb..d0806fb3ec21 100644 --- a/x11/XFree86-4-libraries/Makefile +++ b/x11/XFree86-4-libraries/Makefile @@ -7,6 +7,7 @@ PORTNAME= libraries PORTVERSION= 4.3.0 +PORTREVISION= 1 CATEGORIES= x11 MASTER_SITES= ${MASTER_SITE_XFREE:S/$/:x/} \ ${MASTER_SITE_LOCAL:S/$/:local/} diff --git a/x11/XFree86-4-libraries/files/patch-Xlc-fix b/x11/XFree86-4-libraries/files/patch-Xlc-fix new file mode 100644 index 000000000000..93b9c4676e9d --- /dev/null +++ b/x11/XFree86-4-libraries/files/patch-Xlc-fix 
@@ -0,0 +1,108 @@
+Index: lib/X11/XlcDL.c
+===================================================================
+RCS file: /home/ncvs/xfree/xc/lib/X11/XlcDL.c,v
+retrieving revision 1.9
+retrieving revision 1.9.2.1
+diff -u -u -r1.9 -r1.9.2.1
+--- lib/X11/XlcDL.c 25 Nov 2002 14:04:53 -0000 1.9
++++ lib/X11/XlcDL.c 11 Mar 2003 23:18:49 -0000 1.9.2.1
+@@ -406,7 +406,7 @@
+
+ if (lc_name == NULL) return (XLCd)NULL;
+
+- if (_XlcLocaleDirName(lc_dir, (char *)lc_name) == (char*)NULL)
++ if (_XlcLocaleDirName(lc_dir, BUFSIZE, (char *)lc_name) == (char*)NULL)
+ return (XLCd)NULL;
+
+ resolve_object(lc_dir, lc_name);
+@@ -452,7 +452,7 @@
+
+ lc_name = lcd->core->name;
+
+- if (_XlcLocaleDirName(lc_dir, lc_name) == NULL) return (XIM)0;
++ if (_XlcLocaleDirName(lc_dir, BUFSIZE, lc_name) == NULL) return (XIM)0;
+
+ count = lc_count;
+ for (; count-- > 0; objects_list++) {
+@@ -498,7 +498,7 @@
+
+ lc_name = lcd->core->name;
+
+- if (_XlcLocaleDirName(lc_dir, lc_name) == NULL) return False;
++ if (_XlcLocaleDirName(lc_dir, BUFSIZE, lc_name) == NULL) return False;
+
+ count = lc_count;
+ for (; count-- > 0; objects_list++) {
+@@ -543,7 +543,7 @@
+ #endif
+
+ lc_name = lcd->core->name;
+- if (_XlcLocaleDirName(lc_dir, lc_name) == NULL) return False;
++ if (_XlcLocaleDirName(lc_dir, BUFSIZE, lc_name) == NULL) return False;
+
+ count = lc_count;
+ for (; count-- > 0; objects_list++) {
+@@ -610,7 +610,7 @@
+
+ lc_name = lcd->core->name;
+
+- if (_XlcLocaleDirName(lc_dir, lc_name) == NULL) return (XOM)0;
++ if (_XlcLocaleDirName(lc_dir, BUFSIZE, lc_name) == NULL) return (XOM)0;
+
+ count = lc_count;
+ for (; count-- > 0; objects_list++) {
+Index: lib/X11/XlcPubI.h
+===================================================================
+RCS file: /home/ncvs/xfree/xc/lib/X11/XlcPubI.h,v
+retrieving revision 3.9
+retrieving revision 3.9.6.1
+diff -u -u -r3.9 -r3.9.6.1
+--- lib/X11/XlcPubI.h 16 Nov 2001 00:52:27 -0000 3.9
++++ lib/X11/XlcPubI.h 11 Mar 2003 23:18:49 -0000 3.9.6.1
+@@ -217,6 +217,7 @@
+ extern char *_XlcLocaleDirName(
+ #if NeedFunctionPrototypes
+ char* /* dir_name */,
++ size_t, /* dir_len */
+ char* /* lc_name */
+ #endif
+ );
+Index: lib/X11/lcFile.c
+===================================================================
+RCS file: /home/ncvs/xfree/xc/lib/X11/lcFile.c,v
+retrieving revision 3.30
+retrieving revision 3.30.2.1
+diff -u -u -r3.30 -r3.30.2.1
+--- lib/X11/lcFile.c 25 Nov 2002 14:04:53 -0000 3.30
++++ lib/X11/lcFile.c 11 Mar 2003 23:18:49 -0000 3.30.2.1
+@@ -429,8 +429,9 @@
+ }
+
+ char *
+-_XlcLocaleDirName(dir_name, lc_name)
++_XlcLocaleDirName(dir_name, dir_len, lc_name)
+ char *dir_name;
++ size_t dir_len;
+ char *lc_name;
+ {
+ char dir[PATH_MAX], buf[PATH_MAX], *name = NULL;
+@@ -486,9 +487,16 @@
+ target_dir = args[0];
+ target_name = lc_name;
+ }
+- strcpy(dir_name, target_dir);
+- strcat(dir_name, "/");
+- strcat(dir_name, target_name);
++ /* snprintf(dir_name, dir_len, "%s/%", target_dir, target_name); */
++ strncpy(dir_name, target_dir, dir_len - 1);
++ if (strlen(target_dir) >= dir_len - 1) {
++ dir_name[dir_len - 1] = '\0';
++ } else {
++ strcat(dir_name, "/");
++ strncat(dir_name, target_name, dir_len - strlen(dir_name) - 1);
++ if (strlen(target_name) >= dir_len - strlen(dir_name) - 1)
++ dir_name[dir_len - 1] = '\0';
++ }
+ if (target_name != lc_name)
+ Xfree(target_name);
+ return dir_name; |
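Review bot: In the lcFile.c hunk at `@@ -486,9 +487,16 @@`, an over-long `target_dir`/`target_name` is truncated silently and `_XlcLocaleDirName()` still returns `dir_name`, so the XlcDL.c callers, which only test for NULL, carry on with a shortened path (for example into `resolve_object(lc_dir, lc_name)`) that may name a different directory. Setting the result to NULL when the pieces do not fit lets those existing checks reject it; a single length test before the copy also covers `dir_len == 0`, where `dir_len - 1` wraps, and replaces the second `strlen(dir_name)` comparison, which is evaluated only after `strncat()` has already grown the string. The commented-out `snprintf` line carries a malformed format (`"%s/%"`) and is better deleted or corrected to `"%s/%s"` than left as a hint. The function starts and ends outside the hunk and the declaration of `lc_dir` is not shown, so it is assumed here that `BUFSIZE` matches its size and that no other allocation is live at this point.

```c
    /* Fail instead of truncating: a shortened path names a different directory. */
    if (dir_len == 0 ||
        strlen(target_dir) + 1 + strlen(target_name) >= dir_len) {
        dir_name = NULL;
    } else {
        strcpy(dir_name, target_dir);
        strcat(dir_name, "/");
        strcat(dir_name, target_name);
    }
    /* … unchanged: Xfree(target_name) when it differs from lc_name … */
    return dir_name;
```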