diff options
author | Paul Traina <pst@FreeBSD.org> | 1996-04-21 07:29:16 +0000 |
---|---|---|
committer | Paul Traina <pst@FreeBSD.org> | 1996-04-21 07:29:16 +0000 |
commit | dbd8b7ea2c1342d744bdf67f71d50fbed82ca77f (patch) | |
tree | 00c4aadb7ac8340d9a66ccb236654c946b93b39c /net/pcnfsd | |
parent | 0210580524ac94a2f3d5313c4aa869405ecf14aa (diff) | |
download | ports-dbd8b7ea2c1342d744bdf67f71d50fbed82ca77f.tar.gz ports-dbd8b7ea2c1342d744bdf67f71d50fbed82ca77f.zip |
Notes
Diffstat (limited to 'net/pcnfsd')
-rw-r--r-- | net/pcnfsd/files/patch-ad | 79 | ||||
-rw-r--r-- | net/pcnfsd/pkg-descr | 3 |
2 files changed, 82 insertions, 0 deletions
diff --git a/net/pcnfsd/files/patch-ad b/net/pcnfsd/files/patch-ad new file mode 100644 index 000000000000..157636851469 --- /dev/null +++ b/net/pcnfsd/files/patch-ad @@ -0,0 +1,79 @@ +The following two patches are security patches as discussed in CERT advisory +CA:96-08.pcnfsd dated April 18th. + +*** /tmp/T0a005Z3 Fri Apr 19 14:50:43 1996 +--- pcnfsd_misc.c Fri Apr 19 14:37:00 1996 +*************** +*** 114,120 **** + int suspicious (s) + char *s; + { +! if(strpbrk(s, ";|&<>`'#!?*()[]^/") != NULL) + return 1; + return 0; + } +--- 114,120 ---- + int suspicious (s) + char *s; + { +! if(strpbrk(s, ";|&<>`'#!?*()[]^/${}\n\r\"\\:") != NULL) + return 1; + return 0; + } +*** /tmp/T0a002c1 Fri Apr 5 13:14:50 1996 +--- pcnfsd_print.c Fri Apr 5 13:14:46 1996 +*************** +*** 221,226 **** +--- 221,227 ---- + { + int dir_mode = 0777; + int rc; ++ mode_t oldmask; + + *sp = &pathname[0]; + pathname[0] = '\0'; +*************** +*** 231,241 **** + /* get pathname of current directory and return to client */ + + (void)sprintf(pathname,"%s/%s",sp_name, sys); + (void)mkdir(sp_name, dir_mode); /* ignore the return code */ +- (void)chmod(sp_name, dir_mode); + rc = mkdir(pathname, dir_mode); /* DON'T ignore this return code */ + if((rc < 0 && errno != EEXIST) || +- (chmod(pathname, dir_mode) != 0) || + (stat(pathname, &statbuf) != 0) || + !(statbuf.st_mode & S_IFDIR)) { + (void)sprintf(tempstr, +--- 232,242 ---- + /* get pathname of current directory and return to client */ + + (void)sprintf(pathname,"%s/%s",sp_name, sys); ++ oldmask = umask(0); + (void)mkdir(sp_name, dir_mode); /* ignore the return code */ + rc = mkdir(pathname, dir_mode); /* DON'T ignore this return code */ ++ umask(oldmask); + if((rc < 0 && errno != EEXIST) || + (stat(pathname, &statbuf) != 0) || + !(statbuf.st_mode & S_IFDIR)) { + (void)sprintf(tempstr, +*************** +*** 381,387 **** + ** filter with the appropriate arguments. + **------------------------------------------------------ + */ +! (void)run_ps630(new_pathname, opts); + } + /* + ** Try to match to an aliased printer +--- 382,391 ---- + ** filter with the appropriate arguments. + **------------------------------------------------------ + */ +! (void)sprintf(tempstr, +! "rpc.pcnfsd: ps630 filter disabled for %s\n", pathname); +! msg_out(tempstr); +! return(PS_RES_FAIL); + } + /* + ** Try to match to an aliased printer diff --git a/net/pcnfsd/pkg-descr b/net/pcnfsd/pkg-descr index 7d852a335043..8a944483b15c 100644 --- a/net/pcnfsd/pkg-descr +++ b/net/pcnfsd/pkg-descr @@ -1,3 +1,6 @@ pcnfsd(8) is an authentication and support server to be used by NFS clients that don't have their own authentication system (e.g. DOS PC's, Macintoshes, fileserver translators...) + +This version includes the security patches discussed in CERT advisory +CA:96-08.pcnfsd. |