aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorEric Anholt <anholt@FreeBSD.org>2003-03-15 04:32:37 +0000
committerEric Anholt <anholt@FreeBSD.org>2003-03-15 04:32:37 +0000
commitc53a3fe9fd5b2cfc1cc74aa52be8ed1c1f8b14d1 (patch)
tree49d2672b1efdc28d618d8c58f1296fbab24a6196
parent3d8d6945091c79e6bb199c7d5afcb44d01fb71cf (diff)
Add a fix for a possible buffer overflow in _XlcLocaleDirName(). Privileged
binaries are not vulnerable. Approved by: portmgr (kris) Obtained from: XFree86 CVS xf-4_3-branch
Notes
Notes: svn path=/head/; revision=77129
-rw-r--r--x11/XFree86-4-libraries/Makefile1
-rw-r--r--x11/XFree86-4-libraries/files/patch-Xlc-fix108
2 files changed, 109 insertions, 0 deletions
diff --git a/x11/XFree86-4-libraries/Makefile b/x11/XFree86-4-libraries/Makefile
index ff16d20bb0bb..d0806fb3ec21 100644
--- a/x11/XFree86-4-libraries/Makefile
+++ b/x11/XFree86-4-libraries/Makefile
@@ -7,6 +7,7 @@
PORTNAME= libraries
PORTVERSION= 4.3.0
+PORTREVISION= 1
CATEGORIES= x11
MASTER_SITES= ${MASTER_SITE_XFREE:S/$/:x/} \
${MASTER_SITE_LOCAL:S/$/:local/}
diff --git a/x11/XFree86-4-libraries/files/patch-Xlc-fix b/x11/XFree86-4-libraries/files/patch-Xlc-fix
new file mode 100644
index 000000000000..93b9c4676e9d
--- /dev/null
+++ b/x11/XFree86-4-libraries/files/patch-Xlc-fix
@@ -0,0 +1,108 @@
+Index: lib/X11/XlcDL.c
+===================================================================
+RCS file: /home/ncvs/xfree/xc/lib/X11/XlcDL.c,v
+retrieving revision 1.9
+retrieving revision 1.9.2.1
+diff -u -u -r1.9 -r1.9.2.1
+--- lib/X11/XlcDL.c 25 Nov 2002 14:04:53 -0000 1.9
++++ lib/X11/XlcDL.c 11 Mar 2003 23:18:49 -0000 1.9.2.1
+@@ -406,7 +406,7 @@
+
+ if (lc_name == NULL) return (XLCd)NULL;
+
+- if (_XlcLocaleDirName(lc_dir, (char *)lc_name) == (char*)NULL)
++ if (_XlcLocaleDirName(lc_dir, BUFSIZE, (char *)lc_name) == (char*)NULL)
+ return (XLCd)NULL;
+
+ resolve_object(lc_dir, lc_name);
+@@ -452,7 +452,7 @@
+
+ lc_name = lcd->core->name;
+
+- if (_XlcLocaleDirName(lc_dir, lc_name) == NULL) return (XIM)0;
++ if (_XlcLocaleDirName(lc_dir, BUFSIZE, lc_name) == NULL) return (XIM)0;
+
+ count = lc_count;
+ for (; count-- > 0; objects_list++) {
+@@ -498,7 +498,7 @@
+
+ lc_name = lcd->core->name;
+
+- if (_XlcLocaleDirName(lc_dir, lc_name) == NULL) return False;
++ if (_XlcLocaleDirName(lc_dir, BUFSIZE, lc_name) == NULL) return False;
+
+ count = lc_count;
+ for (; count-- > 0; objects_list++) {
+@@ -543,7 +543,7 @@
+ #endif
+
+ lc_name = lcd->core->name;
+- if (_XlcLocaleDirName(lc_dir, lc_name) == NULL) return False;
++ if (_XlcLocaleDirName(lc_dir, BUFSIZE, lc_name) == NULL) return False;
+
+ count = lc_count;
+ for (; count-- > 0; objects_list++) {
+@@ -610,7 +610,7 @@
+
+ lc_name = lcd->core->name;
+
+- if (_XlcLocaleDirName(lc_dir, lc_name) == NULL) return (XOM)0;
++ if (_XlcLocaleDirName(lc_dir, BUFSIZE, lc_name) == NULL) return (XOM)0;
+
+ count = lc_count;
+ for (; count-- > 0; objects_list++) {
+Index: lib/X11/XlcPubI.h
+===================================================================
+RCS file: /home/ncvs/xfree/xc/lib/X11/XlcPubI.h,v
+retrieving revision 3.9
+retrieving revision 3.9.6.1
+diff -u -u -r3.9 -r3.9.6.1
+--- lib/X11/XlcPubI.h 16 Nov 2001 00:52:27 -0000 3.9
++++ lib/X11/XlcPubI.h 11 Mar 2003 23:18:49 -0000 3.9.6.1
+@@ -217,6 +217,7 @@
+ extern char *_XlcLocaleDirName(
+ #if NeedFunctionPrototypes
+ char* /* dir_name */,
++ size_t, /* dir_len */
+ char* /* lc_name */
+ #endif
+ );
+Index: lib/X11/lcFile.c
+===================================================================
+RCS file: /home/ncvs/xfree/xc/lib/X11/lcFile.c,v
+retrieving revision 3.30
+retrieving revision 3.30.2.1
+diff -u -u -r3.30 -r3.30.2.1
+--- lib/X11/lcFile.c 25 Nov 2002 14:04:53 -0000 3.30
++++ lib/X11/lcFile.c 11 Mar 2003 23:18:49 -0000 3.30.2.1
+@@ -429,8 +429,9 @@
+ }
+
+ char *
+-_XlcLocaleDirName(dir_name, lc_name)
++_XlcLocaleDirName(dir_name, dir_len, lc_name)
+ char *dir_name;
++ size_t dir_len;
+ char *lc_name;
+ {
+ char dir[PATH_MAX], buf[PATH_MAX], *name = NULL;
+@@ -486,9 +487,16 @@
+ target_dir = args[0];
+ target_name = lc_name;
+ }
+- strcpy(dir_name, target_dir);
+- strcat(dir_name, "/");
+- strcat(dir_name, target_name);
++ /* snprintf(dir_name, dir_len, "%s/%", target_dir, target_name); */
++ strncpy(dir_name, target_dir, dir_len - 1);
++ if (strlen(target_dir) >= dir_len - 1) {
++ dir_name[dir_len - 1] = '\0';
++ } else {
++ strcat(dir_name, "/");
++ strncat(dir_name, target_name, dir_len - strlen(dir_name) - 1);
++ if (strlen(target_name) >= dir_len - strlen(dir_name) - 1)
++ dir_name[dir_len - 1] = '\0';
++ }
+ if (target_name != lc_name)
+ Xfree(target_name);
+ return dir_name;