3f08af39e0
which officially fixes the setuid security exploit by the vendors. Additionally, from the PR: * adds in distribution patches to allow it to interoperate with libtiff-3.5.5 (the current version in the ports tree), and replaces an original FreeBSD patch. * includes security patches (replacements of 'strcpy' and 'sprintf', primarily), mostly based on patches originally submitted by Alex Langer [1] for 4.0pl2 and not yet committed, although some new work was done too. [1] I don't think that these were my patches but those submitted by John Holland <john@zoner.org> in PR 19180. * Fixes some issues with the configure/setup scripts introduced since the previous version. * Additionally, original FreeBSD patches from 4.0pl2 were merged in where they were not addressed by anything else (except the I18N patch, sorry). I removed the FORBIDDEN line since there are at least no obvious security concerns left. PR: 19237 Submitted by: Andy Sparrow <andy@geek4food.org>
diff -ruN port/syslog.c.orig port/syslog.c
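--- port/syslog.c.orig Mon Oct 12 13:47:50 1998
+++ port/syslog.c Mon Jun 12 21:52:41 2000
@@ -88,7 +88,7 @@
 register int cnt;
 register char *p;
 time_t now, time();
- int fd, saved_errno;
+ int fd, saved_errno, n;
 char tbuf[2048], fmt_cpy[1024], *stdp, *ctime();
 
 /* check for invalid bits or no priority set */
@@ -104,21 +104,21 @@
 
 /* build the message */
 (void)time(&now);
- (void)sprintf(tbuf, "<%d>%.15s ", pri, ctime(&now) + 4);
- for (p = tbuf; *p; ++p);
+ (void)snprintf(tbuf, sizeof(tbuf), "<%d>%.15s ", pri, ctime(&now) + 4);
+ for (p = tbuf; *p; ++p, n++);
 if (LogStat & LOG_PERROR)
 stdp = p;
 if (LogTag) {
- (void)strcpy(p, LogTag);
+ (void)strlcpy(p, LogTag, sizeof(tbuf) - n);
 for (; *p; ++p);
 }
 if (LogStat & LOG_PID) {
- (void)sprintf(p, "[%d]", getpid());
+ (void)snprintf(p, sizeof(tbuf) - n, "[%d]", getpid());
 for (; *p; ++p);
 }
 if (LogTag) {
- *p++ = ':';
- *p++ = ' ';
+ *p++ = ':'; n++;
+ *p++ = ' '; n++;
 }
 
 /* substitute error message for %m */
@@ -137,7 +137,7 @@
 *t1 = '\0';
 }
 
- (void)vsprintf(p, fmt_cpy, ap);
+ (void)vsnprintf(p, sizeof(tbuf) - n, fmt_cpy, ap);
 
 cnt = strlen(tbuf);
 
@@ -170,7 +170,7 @@
 * is the one from the syslogd failure.
 */
 if ((fd = open(_PATH_CONSOLE, O_WRONLY, 0)) >= 0) {
- (void)strcat(tbuf, "\r\n");
+ (void)strlcat(tbuf, "\r\n", sizeof(tbuf));
 cnt += 2;
 p = index(tbuf, '>') + 1;
 (void)write(fd, p, cnt - (p - tbuf));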
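Review bot: `n` is added to the declaration `int fd, saved_errno, n;` without an initial value, and `for (p = tbuf; *p; ++p, n++);` counts up from that indeterminate value, so every later limit written as `sizeof(tbuf) - n` is undefined and not the space left in `tbuf`. Even if `n` started at 0 the count goes stale, because the two `for (; *p; ++p);` scans after the `strlcpy` and the `[%d]` `snprintf` advance `p` without updating `n`, so the limits handed to `snprintf` and `vsnprintf` overstate the remaining room by the tag and pid length. Deriving the limit from the pointer avoids both problems: use `sizeof(tbuf) - (size_t)(p - tbuf)` in the `strlcpy`, `snprintf` and `vsnprintf` calls and drop `n`. In the last hunk `cnt += 2` still runs when `strlcat` had no room to append, so the length given to the console `write` can exceed what `tbuf` holds; recomputing `cnt = strlen(tbuf)` after the `strlcat` would close that. The function's start and end lie outside these hunks, so any setup of `n` elsewhere is not visible here.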
diff -ruN port/vsyslog.c.orig port/vsyslog.c
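--- port/vsyslog.c.orig Mon Oct 12 13:47:50 1998
+++ port/vsyslog.c Mon Jun 12 21:52:41 2000
@@ -49,6 +49,6 @@
 *cp++ = c;
 *cp = '\0';
 }
- (void) vsprintf(tbuf, fmt_cpy, ap);
+ (void) vnsprintf(tbuf, sizeof(tbuf), fmt_cpy, ap);
 (void) syslog(pri, "%s", tbuf);
 }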
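Review bot: The replacement call is spelled `vnsprintf`, which is not the standard bounded formatter. Unless the port defines a function of that name somewhere not shown here, this file will fail to link and the bounded write never takes effect, so the line should read `(void) vsnprintf(tbuf, sizeof(tbuf), fmt_cpy, ap);`. The hunk begins inside the function, so the declaration of `tbuf` is not visible; `sizeof(tbuf)` is the right limit only if `tbuf` is an array in this scope and not a pointer.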