freebsd-ports/textproc/unrtf/files/patch-convert.c at 235c907ae5ea9956ecbe6fc718411fb2d358bc10 - kpriv/freebsd-ports - Disroot Forgejo: Brace yourself, merge conflicts ahead.

kpriv/freebsd-ports

Alexey Dokuchaev a134d2757d - Attempt to fix the exploitable security issue described at

http://www.vuxml.org/freebsd/f2d5e56e-67eb-11d9-a9e7-0001020eed82.html by
  replacing strcat() with strncat().  Please note that I wasn't able to
  reproduce the exploit described at
  http://tigger.uic.edu/~jlongs2/holes/unrtf.txt on my 5.3-STABLE system.
  Feedback from someone who can reproduce the exploit with an unpatched unrtf
  would be appreciated
- Bump PORTREVISION
- Remove old master site that doesn't seem to have the distfile any more

VuXML:		f2d5e56e-67eb-11d9-a9e7-0001020eed82
PR:		ports/76852
Submitted by:	Stefan Walter <sw(at)gegenunendlich.de>

2005-02-11 13:33:02 +00:00

11 lines

290 B

C

Raw Blame History

 --- convert.c.orig	Sun Jan 30 13:34:16 2005
 +++ convert.c	Sun Jan 30 13:35:36 2005
@@ -341,7 +341,7 @@
  				while(w2) {
  					tmp = word_string (w2);
  					if (tmp && tmp[0] != '\\')
 -						strcat(name,tmp);
 +						strncat(name,tmp,sizeof(name)-strlen(name)-1);
  					w2=w2->next;
  				}