aboutsummaryrefslogtreecommitdiff
path: root/www/cgihtml
diff options
context:
space:
mode:
authorPeter Pentchev <roam@FreeBSD.org>2003-10-27 12:18:06 +0000
committerPeter Pentchev <roam@FreeBSD.org>2003-10-27 12:18:06 +0000
commitcb98017ae9dabe7e9ddb5ca7ed32e42a9ad16078 (patch)
tree71aa798d5d209a57e93ee719e0862113293d9fdf /www/cgihtml
parent61b9b76bc48625ea1515975b52079df709fbcee2 (diff)
downloadports-cb98017ae9dabe7e9ddb5ca7ed32e42a9ad16078.tar.gz
ports-cb98017ae9dabe7e9ddb5ca7ed32e42a9ad16078.zip
Notes
Diffstat (limited to 'www/cgihtml')
-rw-r--r--www/cgihtml/Makefile6
-rw-r--r--www/cgihtml/files/patch-aa114
2 files changed, 113 insertions, 7 deletions
diff --git a/www/cgihtml/Makefile b/www/cgihtml/Makefile
index 9efd458f0e9a..f7ecab36e32f 100644
--- a/www/cgihtml/Makefile
+++ b/www/cgihtml/Makefile
@@ -7,16 +7,14 @@
PORTNAME= cgihtml
PORTVERSION= 1.69
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES= www devel
MASTER_SITES= http://www.eekim.com/software/cgihtml/ \
ftp://www.eekim.com/pub/users/eekim/cgihtml/ \
ftp://hcs.harvard.edu/pub/web/tools/cgihtml/
-FORBIDDEN= Multiple vulnerabilities, see http://online.securityfocus.com/archive/1/305469
-
MAINTAINER= roam@FreeBSD.org
-COMMENT= "Library that simplifies the task of writing CGI programs in C"
+COMMENT= Library that simplifies the task of writing CGI programs in C
INSTALLS_SHLIB= yes
diff --git a/www/cgihtml/files/patch-aa b/www/cgihtml/files/patch-aa
index c9a4210cdd20..f208f6cfb91b 100644
--- a/www/cgihtml/files/patch-aa
+++ b/www/cgihtml/files/patch-aa
@@ -1,6 +1,114 @@
---- cgi-lib.c Wed Apr 11 20:03:57 2001
-+++ cgi-lib.c Wed Apr 11 20:04:20 2001
-@@ -529,9 +529,9 @@
+Index: cgi-lib.c
+===================================================================
+RCS file: /home/cvs/ringlet/c/contrib/www/cgihtml/cgi-lib.c,v
+retrieving revision 1.1.1.1
+retrieving revision 1.6
+diff -u -r1.1.1.1 -r1.6
+--- cgi-lib.c 27 Oct 2003 09:39:04 -0000 1.1.1.1
++++ cgi-lib.c 27 Oct 2003 12:07:00 -0000 1.6
+@@ -17,6 +17,10 @@
+
+ #ifdef WINDOWS
+ #include <io.h>
++#define mktemp _mktemp
++#define snprintf _snprintf
++#else
++#include <unistd.h>
+ #endif
+
+ #include "cgi-lib.h"
+@@ -87,11 +91,11 @@
+
+ char *get_POST()
+ {
+- unsigned int content_length;
++ size_t content_length;
+ char *buffer;
+
+ if (CONTENT_LENGTH != NULL) {
+- content_length = atoi(CONTENT_LENGTH);
++ content_length = (size_t)strtoull(CONTENT_LENGTH, NULL, 10);
+ buffer = (char *)malloc(sizeof(char) * content_length + 1);
+ if (fread(buffer,sizeof(char),content_length,stdin) != content_length) {
+ /* consistency error. */
+@@ -202,7 +206,7 @@
+
+ int parse_form_encoded(llist* entries)
+ {
+- long content_length;
++ size_t content_length, fnsize;
+ entrytype entry;
+ node* window;
+ FILE *uploadfile;
+@@ -220,7 +224,7 @@
+ _fmode = BINARY; /* default all file I/O as binary */
+ #endif
+ if (CONTENT_LENGTH != NULL)
+- content_length = atol(CONTENT_LENGTH);
++ content_length = (size_t)strtoull(CONTENT_LENGTH, NULL, 10);
+ else
+ return 0;
+ /* get boundary */
+@@ -241,14 +245,20 @@
+ robustness sake. */
+ buffer[bytesread] = '\0';
+ tempstr = newstr(buffer);
+- tempstr += (sizeof(char) * 38); /* 38 is header up to name */
+- entry.name = tempstr;
++ entry.name = strstr(tempstr, "name=\"");
++ if (entry.name == NULL) {
++ free(tempstr);
++ return 0;
++ }
++ entry.name += 6;
++ if (strchr(entry.name, '"') == NULL) {
++ free(tempstr);
++ return 0;
++ }
++ *strchr(entry.name, '"') = '\0';
+ entry.value = (char *)malloc(sizeof(char) * BUFSIZ + 1);
+ buffersize = BUFSIZ;
+ strcpy(entry.value,"");
+- while (*tempstr != '"')
+- tempstr++;
+- *tempstr = '\0';
+ if (strstr(buffer,"filename=\"") != NULL) {
+ isfile = 1;
+ tempstr = newstr(buffer);
+@@ -258,9 +268,9 @@
+ entry.value = (char *) realloc(entry.value, sizeof(char) *
+ strlen(tempstr)+1);
+ entry.value = tempstr;
+- while (*tempstr != '"')
+- tempstr++;
+- *tempstr = '\0';
++ if (strchr(tempstr, '"') == NULL)
++ return 0;
++ *strchr(tempstr, '"') = '\0';
+ /* Netscape's Windows browsers handle paths differently from its
+ UNIX and Mac browsers. It delivers a full path for the uploaded
+ file (which it shouldn't do), and it uses backslashes rather than
+@@ -275,13 +285,12 @@
+ }
+ window = list_insafter(entries,window,entry);
+ numentries++;
+- uploadfname = (char *)malloc(strlen(UPLOADDIR)+strlen(entry.value)+2);
+-#ifdef WINDOWS
+- sprintf(uploadfname,"%s\\%s",UPLOADDIR,entry.value);
+-#else
+- sprintf(uploadfname,"%s/%s",UPLOADDIR,entry.value);
+-#endif
+- if ( (uploadfile = fopen(uploadfname,"w")) == NULL) {
++ fnsize = strlen(UPLOADDIR) + 30;
++ uploadfname = (char *)malloc(fnsize);
++ snprintf(uploadfname,fnsize,"%s/cgihtml-upload-XXXXXX",UPLOADDIR);
++ uploadfname[fnsize - 1] = '\0';
++ if (mktemp(uploadfname) == NULL ||
++ (uploadfile = fopen(uploadfname,"w")) == NULL) {
+ /* null filename; for now, just don't save info. later, save
+ to default file */
+ isfile = 0;
+@@ -529,9 +538,9 @@
int numcookies = 0;
short NM = 1;