authorMartin Wilke <miwi@FreeBSD.org>2007-11-05 21:54:46 +0000
committerMartin Wilke <miwi@FreeBSD.org>2007-11-05 21:54:46 +0000
commitdff5dcf9576f244154d7946374b777c580e3cbbe (patch)
tree0e1abd56e7b1a1d5e85bd8919a52d81efc510f73 /ftp/gftp
parente64b45d48eac41762c2a29530d97646b7b6e66d5 (diff)
- Kalle Olavi Niemitalo discovered two boundary errors in fsplib code
included in gFTP when processing overly long directory or file names. - Bump PORTREVISION Reviewed by: simon Approved by: portmgr (erwin) Obtained from: gentoo cvs Security: http://www.vuxml.org/freebsd/f8b0f83c-8bb3-11dc-bffa-0016179b2dd5.html
Notes
Notes: svn path=/head/; revision=202530
Diffstat (limited to 'ftp/gftp')
-rw-r--r--ftp/gftp/Makefile2
-rw-r--r--ftp/gftp/files/patch-lib-fsplib_fsplib.c47
-rw-r--r--ftp/gftp/files/patch-lib-fsplib_fsplib.h24
3 files changed, 72 insertions, 1 deletions
diff --git a/ftp/gftp/Makefile b/ftp/gftp/Makefile
index 43275c0bdbf9..88b428064136 100644
--- a/ftp/gftp/Makefile
+++ b/ftp/gftp/Makefile
@@ -7,7 +7,7 @@
PORTNAME= gftp
PORTVERSION= 2.0.18
-PORTREVISION= 5
+PORTREVISION= 6
CATEGORIES= ftp
MASTER_SITES= http://gftp.seul.org/ \
ftp://gftp.seul.org/pub/gftp/
diff --git a/ftp/gftp/files/patch-lib-fsplib_fsplib.c b/ftp/gftp/files/patch-lib-fsplib_fsplib.c
new file mode 100644
index 000000000000..151b3bfb8c2d
--- /dev/null
+++ b/ftp/gftp/files/patch-lib-fsplib_fsplib.c
@@ -0,0 +1,47 @@
+--- lib/fsplib/fsplib.c.orig 2005-01-19 03:03:45.000000000 +0100
++++ lib/fsplib/fsplib.c 2007-11-05 16:37:32.000000000 +0100
+@@ -612,7 +612,7 @@
+ entry->d_reclen = fentry.reclen;
+ strncpy(entry->d_name,fentry.name,MAXNAMLEN);
+
+- if (fentry.namlen > MAXNAMLEN)
++ if (fentry.namlen >= MAXNAMLEN)
+ {
+ entry->d_name[MAXNAMLEN + 1 ] = '\0';
+ #ifdef HAVE_NAMLEN
+@@ -680,9 +680,19 @@
+ /* skip file date and file size */
+ dir->dirpos += 9;
+ /* read file name */
+- entry->name[255 + 1] = '\0';
++ entry->name[255] = '\0';
+ strncpy(entry->name,(char *)( dir->data + dir->dirpos ),MAXNAMLEN);
++ /* check for ASCIIZ encoded filename */
++ if (memchr(dir->data + dir->dirpos,0,dir->datasize - dir->dirpos) != NULL)
++ {
+ namelen = strlen( (char *) dir->data+dir->dirpos);
++ }
++ else
++ {
++ /* \0 terminator not found at end of filename */
++ *result = NULL;
++ return 0;
++ }
+ /* skip over file name */
+ dir->dirpos += namelen +1;
+
+@@ -709,12 +719,12 @@
+
+ struct dirent * fsp_readdir(FSP_DIR *dirp)
+ {
+- static struct dirent entry;
++ static dirent_workaround entry;
+ struct dirent *result;
+
+
+ if (dirp == NULL) return NULL;
+- if ( fsp_readdir_r(dirp,&entry,&result) )
++ if ( fsp_readdir_r(dirp,&entry.dirent,&result) )
+ return NULL;
+ else
+ return result;
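Review bot: The terminator write `entry->d_name[MAXNAMLEN + 1 ] = '\0';` is left as an unchanged context line in the first inner hunk, so for names of MAXNAMLEN bytes or more it still stores one byte past a d_name of MAXNAMLEN + 1 bytes (the size the `fill` member in the fsplib.h patch assumes) and leaves `d_name[MAXNAMLEN]` unset after the strncpy; it should read `entry->d_name[MAXNAMLEN] = '\0';`. In the second inner hunk the `strncpy` from `dir->data + dir->dirpos` still runs before the new `memchr` check, so a directory block with no terminator can be read past `dir->datasize` before the entry is rejected; moving the `memchr` test above the copy avoids that. The length `dir->datasize - dir->dirpos` is computed after `dir->dirpos += 9`, and if those fields are unsigned (their types are not visible here) it would wrap when fewer than nine bytes remain, so a `dir->dirpos <= dir->datasize` guard before the `memchr` is worth adding. Both affected functions begin and end outside the inner hunks, so this is based only on the lines shown.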
diff --git a/ftp/gftp/files/patch-lib-fsplib_fsplib.h b/ftp/gftp/files/patch-lib-fsplib_fsplib.h
new file mode 100644
index 000000000000..5d2d7449b053
--- /dev/null
+++ b/ftp/gftp/files/patch-lib-fsplib_fsplib.h
@@ -0,0 +1,24 @@
+--- lib/fsplib/fsplib.h.orig 2005-01-19 03:04:02.000000000 +0100
++++ lib/fsplib/fsplib.h 2007-11-05 16:37:32.000000000 +0100
+@@ -1,6 +1,8 @@
+ #ifndef _FSPLIB_H
+ #define _FSPLIB_H 1
+ #include <time.h>
++#include <stddef.h>
++
+ /* The FSP v2 protocol support library - public interface */
+
+ /*
+@@ -138,6 +140,12 @@
+ unsigned int pos; /* position of next packet */
+ } FSP_FILE;
+
++
++typedef union dirent_workaround {
++ struct dirent dirent;
++ char fill[offsetof (struct dirent, d_name) + MAXNAMLEN + 1];
++} dirent_workaround;
++
+ /* function prototypes */
+
+ /* session management */
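Review bot: The new `dirent_workaround` union has no comment saying why it exists or who must use it, and the only visible user is the static buffer in `fsp_readdir`; a caller that passes a plain `struct dirent` to `fsp_readdir_r` presumably gets no extra room. I would add above the typedef something like `/* Buffer large enough for a MAXNAMLEN + 1 byte d_name even where struct dirent declares less; pass &w.dirent to fsp_readdir_r(). */`. The union also needs `struct dirent` and `MAXNAMLEN` to be declared before this point, and the hunk adds only `<stddef.h>`, so it is worth confirming that the header includes `<dirent.h>` (or equivalent) itself rather than relying on the includer. As a public header name, an `fsp_` prefix would keep it consistent with `FSP_FILE` and avoid clashing with application identifiers.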