author | Peter Pentchev <roam@FreeBSD.org> | 2003-10-27 12:18:06 +0000 |
---|---|---|
committer | Peter Pentchev <roam@FreeBSD.org> | 2003-10-27 12:18:06 +0000 |
commit | cb98017ae9dabe7e9ddb5ca7ed32e42a9ad16078 (patch) | |
tree | 71aa798d5d209a57e93ee719e0862113293d9fdf /www/cgihtml | |
parent | 61b9b76bc48625ea1515975b52079df709fbcee2 (diff) | |
Diffstat (limited to 'www/cgihtml')
-rw-r--r-- | www/cgihtml/Makefile | 6 | ||||
-rw-r--r-- | www/cgihtml/files/patch-aa | 114 |
2 files changed, 113 insertions, 7 deletions
diff --git a/www/cgihtml/Makefile b/www/cgihtml/Makefile
index 9efd458f0e9a..f7ecab36e32f 100644
--- a/www/cgihtml/Makefile
+++ b/www/cgihtml/Makefile
@@ -7,16 +7,14 @@
 PORTNAME= cgihtml
 PORTVERSION= 1.69
-PORTREVISION= 1
+PORTREVISION= 2
 CATEGORIES= www devel
 MASTER_SITES= http://www.eekim.com/software/cgihtml/ \
 ftp://www.eekim.com/pub/users/eekim/cgihtml/ \
 ftp://hcs.harvard.edu/pub/web/tools/cgihtml/
-FORBIDDEN= Multiple vulnerabilities, see http://online.securityfocus.com/archive/1/305469
-
 MAINTAINER= roam@FreeBSD.org
-COMMENT= "Library that simplifies the task of writing CGI programs in C"
+COMMENT= Library that simplifies the task of writing CGI programs in C
 INSTALLS_SHLIB= yes
diff --git a/www/cgihtml/files/patch-aa b/www/cgihtml/files/patch-aa
index c9a4210cdd20..f208f6cfb91b 100644
--- a/www/cgihtml/files/patch-aa
+++ b/www/cgihtml/files/patch-aa
@@ -1,6 +1,114 @@
---- cgi-lib.c Wed Apr 11 20:03:57 2001
-+++ cgi-lib.c Wed Apr 11 20:04:20 2001
-@@ -529,9 +529,9 @@
+Index: cgi-lib.c
+===================================================================
+RCS file: /home/cvs/ringlet/c/contrib/www/cgihtml/cgi-lib.c,v
+retrieving revision 1.1.1.1
+retrieving revision 1.6
+diff -u -r1.1.1.1 -r1.6
+--- cgi-lib.c 27 Oct 2003 09:39:04 -0000 1.1.1.1
++++ cgi-lib.c 27 Oct 2003 12:07:00 -0000 1.6
+@@ -17,6 +17,10 @@
+
+ #ifdef WINDOWS
+ #include <io.h>
++#define mktemp _mktemp
++#define snprintf _snprintf
++#else
++#include <unistd.h>
+ #endif
+
+ #include "cgi-lib.h"
+@@ -87,11 +91,11 @@
+
+ char *get_POST()
+ {
+- unsigned int content_length;
++ size_t content_length;
+ char *buffer;
+
+ if (CONTENT_LENGTH != NULL) {
+- content_length = atoi(CONTENT_LENGTH);
++ content_length = (size_t)strtoull(CONTENT_LENGTH, NULL, 10);
+ buffer = (char *)malloc(sizeof(char) * content_length + 1);
+ if (fread(buffer,sizeof(char),content_length,stdin) != content_length) {
+ /* consistency error. */
+@@ -202,7 +206,7 @@
+
+ int parse_form_encoded(llist* entries)
+ {
+- long content_length;
++ size_t content_length, fnsize;
+ entrytype entry;
+ node* window;
+ FILE *uploadfile;
+@@ -220,7 +224,7 @@
+ _fmode = BINARY; /* default all file I/O as binary */
+ #endif
+ if (CONTENT_LENGTH != NULL)
+- content_length = atol(CONTENT_LENGTH);
++ content_length = (size_t)strtoull(CONTENT_LENGTH, NULL, 10);
+ else
+ return 0;
+ /* get boundary */
+@@ -241,14 +245,20 @@
+ robustness sake. 
*/
+ buffer[bytesread] = '\0';
+ tempstr = newstr(buffer);
+- tempstr += (sizeof(char) * 38); /* 38 is header up to name */
+- entry.name = tempstr;
++ entry.name = strstr(tempstr, "name=\"");
++ if (entry.name == NULL) {
++ free(tempstr);
++ return 0;
++ }
++ entry.name += 6;
++ if (strchr(entry.name, '"') == NULL) {
++ free(tempstr);
++ return 0;
++ }
++ *strchr(entry.name, '"') = '\0';
+ entry.value = (char *)malloc(sizeof(char) * BUFSIZ + 1);
+ buffersize = BUFSIZ;
+ strcpy(entry.value,"");
+- while (*tempstr != '"')
+- tempstr++;
+- *tempstr = '\0';
+ if (strstr(buffer,"filename=\"") != NULL) {
+ isfile = 1;
+ tempstr = newstr(buffer);
+@@ -258,9 +268,9 @@
+ entry.value = (char *) realloc(entry.value, sizeof(char) *
+ strlen(tempstr)+1);
+ entry.value = tempstr;
+- while (*tempstr != '"')
+- tempstr++;
+- *tempstr = '\0';
++ if (strchr(tempstr, '"') == NULL)
++ return 0;
++ *strchr(tempstr, '"') = '\0';
+ /* Netscape's Windows browsers handle paths differently from its
+ UNIX and Mac browsers. It delivers a full path for the uploaded
+ file (which it shouldn't do), and it uses backslashes rather than
+@@ -275,13 +285,12 @@
+ }
+ window = list_insafter(entries,window,entry);
+ numentries++;
+- uploadfname = (char *)malloc(strlen(UPLOADDIR)+strlen(entry.value)+2);
+-#ifdef WINDOWS
+- sprintf(uploadfname,"%s\\%s",UPLOADDIR,entry.value);
+-#else
+- sprintf(uploadfname,"%s/%s",UPLOADDIR,entry.value);
+-#endif
+- if ( (uploadfile = fopen(uploadfname,"w")) == NULL) {
++ fnsize = strlen(UPLOADDIR) + 30;
++ uploadfname = (char *)malloc(fnsize);
++ snprintf(uploadfname,fnsize,"%s/cgihtml-upload-XXXXXX",UPLOADDIR);
++ uploadfname[fnsize - 1] = '\0';
++ if (mktemp(uploadfname) == NULL ||
++ (uploadfile = fopen(uploadfname,"w")) == NULL) {
+ /* null filename; for now, just don't save info. later, save
+ to default file */
+ isfile = 0;
+@@ -529,9 +538,9 @@
 int numcookies = 0;
 short NM = 1; |
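Review bot: In the `-275,13 +285,12` hunk of parse_form_encoded, `mktemp(uploadfname)` followed by `fopen(uploadfname,"w")` is not an atomic create: if UPLOADDIR is writable by other local users, a file or symlink that appears at the generated name between the two calls is opened and truncated. On the non-WINDOWS side the name should be created and opened in one step, e.g. `fd = mkstemp(uploadfname);` and `if (fd == -1 || (uploadfile = fdopen(fd,"w")) == NULL) {` with a new `int fd` local, and the `_mktemp` mapping needs an exclusive-create equivalent; the `malloc(fnsize)` result also reaches `snprintf` unchecked. Separately, in get_POST and parse_form_encoded the `strtoull` result is cast to `size_t` with no end-pointer, `errno` or upper-bound check, so an out-of-range or negative CONTENT_LENGTH can make `content_length + 1` wrap ahead of the `malloc` in get_POST; reject such values before allocating. Both functions start and end outside the visible hunks.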