From 9f6e68c273ef23d8931905b25819b65a4c358f64 Mon Sep 17 00:00:00 2001
From: Jacques Vidrine
Date: Thu, 29 Nov 2001 15:06:19 +0000
Subject: Patch from vendor. From the ChangeLog: 2001-11-27 Flavio Veloso * gnuserv.c: Fix a potential buffer overflow in permitted() that may allow the client to execute code on the server.
---
 devel/libgtop/Makefile | 1 +
 devel/libgtop/files/patch-src::daemon::gnuserv.c | 15 +++++++++++++++
 devel/libgtop2/Makefile | 1 +
 devel/libgtop2/files/patch-src::daemon::gnuserv.c | 15 +++++++++++++++
 4 files changed, 32 insertions(+)
 create mode 100644 devel/libgtop/files/patch-src::daemon::gnuserv.c
 create mode 100644 devel/libgtop2/files/patch-src::daemon::gnuserv.c
(limited to 'devel')
diff --git a/devel/libgtop/Makefile b/devel/libgtop/Makefile
index 94af3fda2d6d..aafc98ffce53 100644
--- a/devel/libgtop/Makefile
+++ b/devel/libgtop/Makefile
@@ -7,6 +7,7 @@
 PORTNAME= libgtop
 PORTVERSION= 1.0.12
+PORTREVISION= 1
 CATEGORIES= devel gnome
 MASTER_SITES= ${MASTER_SITE_GNOME}
 MASTER_SITE_SUBDIR= stable/sources/libgtop
diff --git a/devel/libgtop/files/patch-src::daemon::gnuserv.c b/devel/libgtop/files/patch-src::daemon::gnuserv.c
new file mode 100644
index 000000000000..8b0712a8d041
--- /dev/null
+++ b/devel/libgtop/files/patch-src::daemon::gnuserv.c
@@ -0,0 +1,15 @@
+--- src/daemon/gnuserv.c.orig Thu Nov 29 08:58:40 2001
++++ src/daemon/gnuserv.c Thu Nov 29 08:58:17 2001
+@@ -200,6 +200,12 @@
+
+ auth_data_len = atoi (buf);
+
++ if (auth_data_len < 1 || auth_data_len > sizeof(buf)) {
++ syslog_message(LOG_WARNING,
++ "Invalid data length supplied by client");
++ return FALSE;
++ }
++
+ if (timed_read (fd, buf, auth_data_len, AUTH_TIMEOUT, 0) != auth_data_len)
+ return FALSE;
+
diff --git a/devel/libgtop2/Makefile b/devel/libgtop2/Makefile
index 94af3fda2d6d..aafc98ffce53 100644
--- a/devel/libgtop2/Makefile
+++ b/devel/libgtop2/Makefile
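Review bot: In the devel/libgtop gnuserv.c hunk, the value the new range check validates still comes from `auth_data_len = atoi (buf);`, and atoi() has undefined behaviour when the client's digit string does not fit in an int and cannot report a non-numeric string, so the check would be more dependable on a `strtol()` result with `errno` and the end pointer tested before the comparison. The upper bound also accepts `auth_data_len == sizeof(buf)`, which fills buf completely; if code after the hunk treats buf as a NUL-terminated string, the test should be `auth_data_len >= sizeof(buf)`. `sizeof(buf)` is only the right bound if buf is an array declared in this function rather than a pointer, which the hunk does not show because permitted() begins and ends outside it. A short comment such as `/* auth_data_len is client-supplied: bound it before it is used as a read length */` above the check would record why it is there. The identical patch under devel/libgtop2/files carries the same points.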
@@ -7,6 +7,7 @@
 PORTNAME= libgtop
 PORTVERSION= 1.0.12
+PORTREVISION= 1
 CATEGORIES= devel gnome
 MASTER_SITES= ${MASTER_SITE_GNOME}
 MASTER_SITE_SUBDIR= stable/sources/libgtop
diff --git a/devel/libgtop2/files/patch-src::daemon::gnuserv.c b/devel/libgtop2/files/patch-src::daemon::gnuserv.c
new file mode 100644
index 000000000000..8b0712a8d041
--- /dev/null
+++ b/devel/libgtop2/files/patch-src::daemon::gnuserv.c
@@ -0,0 +1,15 @@
+--- src/daemon/gnuserv.c.orig Thu Nov 29 08:58:40 2001
++++ src/daemon/gnuserv.c Thu Nov 29 08:58:17 2001
+@@ -200,6 +200,12 @@
+
+ auth_data_len = atoi (buf);
+
++ if (auth_data_len < 1 || auth_data_len > sizeof(buf)) {
++ syslog_message(LOG_WARNING,
++ "Invalid data length supplied by client");
++ return FALSE;
++ }
++
+ if (timed_read (fd, buf, auth_data_len, AUTH_TIMEOUT, 0) != auth_data_len)
+ return FALSE;
+
-- cgit v1.2.3