From d8ba0a6a45a03b01c485b3aa834a3ef883613b2e Mon Sep 17 00:00:00 2001 From: Colin Percival Date: Thu, 18 Nov 2004 12:06:51 +0000 Subject: FreeBSD-SA-04:16.fetch: MFC revision 1.75 of src/usr.bin/fetch/fetch.c Bump newvers.sh and document in UPDATING. Approved by: so --- UPDATING | 4 ++++ sys/conf/newvers.sh | 2 +- usr.bin/fetch/fetch.c | 3 ++- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/UPDATING b/UPDATING index 920af00dc0bc..6096c8fc2a60 100644 --- a/UPDATING +++ b/UPDATING @@ -17,6 +17,10 @@ minimal number of processes, if possible, for that patch. For those updates that don't have an advisory, or to be safe, you can do a full build and install as described in the COMMON ITEMS section. +20041118: p28 FreeBSD-SA-04:16.fetch + Correct a buffer overflow in fetch(1) which could allow a + mallicious server to execute arbitrary code on the client. + 20040519: p27 FreeBSD-SA-04:10.cvs Correct a heap overflow in cvs's pserver protocol parser. diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh index fb715e4cda66..1ffe15f528d2 100644 --- a/sys/conf/newvers.sh +++ b/sys/conf/newvers.sh @@ -36,7 +36,7 @@ TYPE="FreeBSD" REVISION="4.7" -BRANCH="RELEASE-p27" +BRANCH="RELEASE-p28" RELEASE="${REVISION}-${BRANCH}" VERSION="${TYPE} ${RELEASE}" diff --git a/usr.bin/fetch/fetch.c b/usr.bin/fetch/fetch.c index 34ee02e68f3a..7dfdbaf26e8c 100644 --- a/usr.bin/fetch/fetch.c +++ b/usr.bin/fetch/fetch.c @@ -503,7 +503,8 @@ fetch(char *URL, const char *path) /* suck in the data */ signal(SIGINFO, sig_handler); while (!sigint && !sigalrm) { - if (us.size != -1 && us.size - count < B_size) + if (us.size != -1 && us.size - count < B_size && + us.size - count >= 0) size = us.size - count; else size = B_size; -- cgit v1.2.3