Fix an Apple specific buffer overflow. To skip the first argument from

Finder, some copying to and from a local buffer in main is done, without
argument checking.

When a web browser or MUA is configured to start Blender automatically,
this might be exploitable to gain priviledges of the current user.

This is related to CVE-2005-3151.
This commit is contained in:
joerg 2006-02-12 21:52:18 +00:00
parent d9fe9c312f
commit a90eff9301
3 changed files with 18 additions and 2 deletions

View file

@ -1,6 +1,7 @@
# $NetBSD: Makefile,v 1.51 2006/02/12 21:32:38 jschauma Exp $
# $NetBSD: Makefile,v 1.52 2006/02/12 21:52:18 joerg Exp $
DISTNAME= blender-2.41
PKGREVISION= 1
CATEGORIES= graphics
MASTER_SITES= ftp://ftp.cs.umn.edu/pub/blender.org/source/ \
http://download.blender.org/source/

View file

@ -1,8 +1,9 @@
$NetBSD: distinfo,v 1.19 2006/02/10 20:34:25 adam Exp $
$NetBSD: distinfo,v 1.20 2006/02/12 21:52:18 joerg Exp $
SHA1 (blender-2.41.tar.gz) = 839dfece3b6efbf10694ac535d88e3745c3253ec
RMD160 (blender-2.41.tar.gz) = 7857eac2acda18ee24db4bb147bcf780025e2c12
Size (blender-2.41.tar.gz) = 9464385 bytes
SHA1 (patch-aa) = 21dd95ff4ab51bb9b1084f28e4e080ca38421bce
SHA1 (patch-ab) = 3c8b57b1aac2aba141d8392ce8e9c7759febd68f
SHA1 (patch-ac) = dcfa14519404915a69bd626c8a5a6029d2535ca2
SHA1 (patch-ae) = 4d9fdef4141445534e0fb476d9e14b42fcaf29d7

View file

@ -0,0 +1,14 @@
$NetBSD: patch-aa,v 1.5 2006/02/12 21:52:19 joerg Exp $
--- intern/ghost/intern/GHOST_SystemCarbon.cpp.orig 2006-02-12 22:17:07.000000000 +0100
+++ intern/ghost/intern/GHOST_SystemCarbon.cpp
@@ -527,7 +527,8 @@ static char g_firstFileBuf[512];
extern "C" int GHOST_HACK_getFirstFile(char buf[512]) {
if (g_hasFirstFile) {
- strcpy(buf, g_firstFileBuf);
+ strncpy(buf, g_firstFileBuf, sizeof(buf) - 1);
+ buf[sizeof(buf) - 1] = '\0';
return 1;
} else {
return 0;