From a302915bcfb004f1a8a31f7e02b71fa680a057c5 Mon Sep 17 00:00:00 2001
From: "Simon L. B. Nielsen"
Date: Fri, 5 Nov 2004 21:47:13 +0000
Subject: Add a patch for the most recent mpg123 buffer-overflow vulnerability noted in VuXML.
PR: ports/73091
Submitted by: Roman Bogorodskiy (maintainer)
VuXML: http://vuxml.FreeBSD.org/20d16518-2477-11d9-814e-0001020eed82.html
Approved by: clement
---
 audio/mpg123/Makefile | 2 +-
 audio/mpg123/files/patch-httpget.c | 47 ++++++++++++++++++++++++++++++++++----
 2 files changed, 44 insertions(+), 5 deletions(-)
(limited to 'audio/mpg123')
diff --git a/audio/mpg123/Makefile b/audio/mpg123/Makefile
index 3f6ac2096023..f0d8ff84610b 100644
--- a/audio/mpg123/Makefile
+++ b/audio/mpg123/Makefile
@@ -7,7 +7,7 @@
 PORTNAME= mpg123
 PORTVERSION= 0.59r
-PORTREVISION= 14
+PORTREVISION= 15
 CATEGORIES= audio ipv6
 MASTER_SITES= http://www.mpg123.de/mpg123/ \
 http://www-ti.informatik.uni-tuebingen.de/~hippm/mpg123/
diff --git a/audio/mpg123/files/patch-httpget.c b/audio/mpg123/files/patch-httpget.c
index bebfaf9fe57c..d74ea4f3811d 100644
--- a/audio/mpg123/files/patch-httpget.c
+++ b/audio/mpg123/files/patch-httpget.c
@@ -1,6 +1,6 @@
---- httpget.c.orig 2003-11-13 18:34:37.000000000 +0000
-+++ httpget.c 2003-11-13 18:35:10.000000000 +0000
-@@ -55,11 +55,10 @@ void readstring (char *string, int maxle
+--- httpget.c.orig Fri Nov 5 16:11:04 2004
++++ httpget.c Fri Nov 5 16:43:27 2004
+@@ -55,11 +55,10 @@
 #endif
 int pos = 0;
@@ -13,7 +13,7 @@
 break;
 }
 }
-@@ -68,6 +67,7 @@ void readstring (char *string, int maxle
+@@ -68,6 +67,7 @@
 exit(1);
 }
 }
@@ -21,3 +21,42 @@
 #if 0
 do {
 result = fgets(string, maxlen, f);
+@@ -114,6 +114,7 @@
+ int getauthfromURL(char *url,char *auth)
+ {
+ char *pos;
++ int len;
+
+ *auth = 0;
+
+@@ -126,8 +127,14 @@
+ if( url[i] == '/' )
+ return 0;
+ }
+- strncpy(auth,url,pos-url);
+- auth[pos-url] = 0;
++
++ if ((pos-url) > 255)
++ len = 255;
++ else
++ len = pos-url;
++
++ strncpy(auth,url,len);
++ auth[len] = 0;
+ strcpy(url,pos+1);
+ return 1;
+ }
+@@ -292,11 +299,11 @@
+ }
+ strcat (request, sptr);
+ }
+- sprintf (request + strlen(request),
++ snprintf (request + strlen(request), linelength - strlen(request),
+ " HTTP/1.0\r\nUser-Agent: %s/%s\r\n",
+ prgName, prgVersion);
+ if (host) {
+- sprintf(request + strlen(request),
++ snprintf(request + strlen(request), linelength - strlen(request),
+ "Host: %s:%s\r\n", host, myport);
+ #if 0
+ free (host);
-- cgit v1.2.3
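Review bot: The two new snprintf bounds in the request-building part of httpget.c (inner hunk `@@ -292,11 +299,11 @@`) are computed as `linelength - strlen(request)`, which ends up as a size_t and wraps to a very large value once `request` is longer than `linelength`; the `strcat (request, sptr)` just above is still unbounded, so as far as the visible lines show that state remains reachable. I would guard it once before formatting, e.g. `size_t used = strlen(request); if (used >= linelength) { /* reject the URL */ }`, and check the snprintf return value so a truncated request is not sent silently. In getauthfromURL the clamp to the literal 255 assumes every caller passes an `auth` buffer of at least 256 bytes, which the hunk does not show; a comment such as `/* auth must hold at least 256 bytes */` next to the clamp would make that contract explicit. The unchanged `strcpy(url,pos+1)` copies within a single buffer, and overlapping strcpy is undefined behaviour, so `memmove(url, pos+1, strlen(pos+1)+1);` is the safe form. Both functions start and end outside the patch context, so the declarations of `linelength`, `request` and `auth` need confirming against the full file.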