authorMartin Wilke <miwi@FreeBSD.org>2009-01-11 19:42:13 +0000
committerMartin Wilke <miwi@FreeBSD.org>2009-01-11 19:42:13 +0000
commit02870e7f94b96652bb7af8fcf4609b4fa6038cf1 (patch)
treebb516e3a92c12c1d1aa80d64e8f059b3bc2809c0 /net-p2p/verlihub
parent633df5325557fc40c53fe662051bf8c485223c21 (diff)
- Fix insecure temporary file usage and arbitrary command execution
PR: 129981 (based on) Submitted by: Eygene Ryabinkin <rea-fbsd@codelabs.ru> Approved by: maintainer
Notes
Notes: svn path=/head/; revision=225762
Diffstat (limited to 'net-p2p/verlihub')
-rw-r--r--net-p2p/verlihub/Makefile5
-rw-r--r--net-p2p/verlihub/files/patch-CVE-2008-570682
2 files changed, 84 insertions, 3 deletions
diff --git a/net-p2p/verlihub/Makefile b/net-p2p/verlihub/Makefile
index 7d5091d15a9a..009cd1f04384 100644
--- a/net-p2p/verlihub/Makefile
+++ b/net-p2p/verlihub/Makefile
@@ -7,11 +7,10 @@
PORTNAME= verlihub
DISTVERSION= 0.9.8d-RC2
-PORTREVISION= 1
+PORTREVISION= 2
PORTEPOCH= 1
CATEGORIES= net-p2p
-MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
-MASTER_SITE_SUBDIR= ${PORTNAME}
+MASTER_SITES= SF
MAINTAINER= skylord@vt.net.ru
COMMENT= A Direct Connect protocol server (Hub)
diff --git a/net-p2p/verlihub/files/patch-CVE-2008-5706 b/net-p2p/verlihub/files/patch-CVE-2008-5706
new file mode 100644
index 000000000000..61dc4ca9bef6
--- /dev/null
+++ b/net-p2p/verlihub/files/patch-CVE-2008-5706
@@ -0,0 +1,82 @@
+--- src/ctrigger.cpp.orig 2005-04-11 19:18:38.000000000 +0400
++++ src/ctrigger.cpp 2008-12-27 23:28:14.000000000 +0300
+@@ -7,6 +7,9 @@
+ * the Free Software Foundation; either version 2 of the License, or *
+ * (at your option) any later version. *
+ ***************************************************************************/
++#include <errno.h>
++#include <stdio.h>
++#include <string.h>
+ #include "cserverdc.h"
+ #include "ctrigger.h"
+ #include "cconndc.h"
+@@ -44,16 +47,33 @@
+ {
+ string buf, filename, sender;
+ string par1, end1, parall;
++ string cmdl;
++
+ if (conn && conn->mpUser)
+ {
++ cmd_line >> cmdl;
++ /* Sanitise user input if we're going to exec anything */
++ if (mFlags & eTF_EXECUTE && server.mDBConf.allow_exec) {
++ string cleaned = string();
++ const string toclean = string(";\"'\\`:!${}[]&><|~/");
++
++ for (string::iterator i = cmdl.begin();
++ i < cmdl.end();
++ i++) {
++ if (toclean.find(*i) == string::npos)
++ cleaned.append(1, *i);
++ }
++ cmdl = cleaned;
++ }
++
+ int uclass = conn->mpUser->mClass;
+ if ((uclass >= this->mMinClass) &&(uclass <= this->mMaxClass)) {
+
+- if(cmd_line.str().size() > mCommand.size()) {
+- parall.assign(cmd_line.str(),mCommand.size()+1,string::npos);
++ if(cmdl.size() > mCommand.size()) {
++ parall.assign(cmdl,mCommand.size()+1,string::npos);
+ }
+- cmd_line >> par1;
+- end1 = cmd_line.str();
++ par1 = cmdl;
++ end1 = cmdl;
+
+ sender = server.mC.hub_security;
+ if (mSendAs.size()) sender = mSendAs;
+@@ -104,14 +124,25 @@
+
+ if (mFlags & eTF_EXECUTE && server.mDBConf.allow_exec) {
+ string command(buf);
+- filename = server.mConfigBaseDir;
+- filename.append("/tmp/trigger.tmp");
+- command.append(" > ");
+- command.append(filename);
++ char buffer[1024];
++ FILE *stream;
++
+ cout << command << endl;
+- system(command.c_str());
+ buf = "";
+- if (!LoadFileInString(filename,buf)) return 0;
++ stream = popen(command.c_str(), "r");
++ if (stream == NULL) {
++ cout << strerror(errno) << std::endl;
++ return 0;
++ } else {
++ while (fgets(buffer, sizeof(buffer),
++ stream) != NULL)
++ buf.append(buffer);
++ if (pclose(stream) == -1) {
++ cout << strerror(errno) <<
++ std::endl;
++ return 0;
++ }
++ }
+ }
+
+ // @CHANGED by dReiska +BEGINS+
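Review bot: The `toclean` filter in the first `ctrigger.cpp` hunk is a denylist, and whatever it lets through is still parsed by a shell, because `popen(command.c_str(), "r")` in the last hunk runs the string via `sh -c`. The list omits other characters the shell treats specially, such as `(`, `)`, `*`, `?` and `#`, and it does not stop a leading `-`. An allowlist is easier to audit: change the test to `if (isalnum(static_cast<unsigned char>(*i)) || *i == '_')` (needs `<ctype.h>`) and widen it only as far as the configured triggers require. Separately, `cmd_line >> cmdl` extracts one whitespace-delimited token, so `parall`, `par1` and `end1` now all derive from that token where the old code used `cmd_line.str()`; this looks like a behaviour change for multi-word arguments and should be confirmed. The enclosing function starts and ends outside the patched hunks, so how these values reach `buf` is not visible here.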