diff options
| author | Niels Heinen <niels@FreeBSD.org> | 2010-08-21 21:12:20 +0000 |
|---|---|---|
| committer | Niels Heinen <niels@FreeBSD.org> | 2010-08-21 21:12:20 +0000 |
| commit | 453207aab9b295adaa456a9f9360338ba0bc5a7f (patch) | |
| tree | 05aef4bf8721d856c13e7c48184580de63aa5060 /net/corkscrew/files/patch-security-corkscrew.c | |
| parent | Update to 1.3.0_rc2 (diff) | |
- Added security fix for auth file parsing code
Approved by: itetcu (mentor, implicit), maintainer
Security: Insecure sscanf usage
Diffstat (limited to 'net/corkscrew/files/patch-security-corkscrew.c')
| -rw-r--r-- | net/corkscrew/files/patch-security-corkscrew.c | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/net/corkscrew/files/patch-security-corkscrew.c b/net/corkscrew/files/patch-security-corkscrew.c new file mode 100644 index 000000000000..5809081dc5c5 --- /dev/null +++ b/net/corkscrew/files/patch-security-corkscrew.c @@ -0,0 +1,29 @@ +--- corkscrew.c.orig 2001-08-23 20:27:32.000000000 +0200 ++++ corkscrew.c 2010-08-21 10:26:23.000000000 +0200 +@@ -201,9 +201,8 @@ + fprintf(stderr, "Error opening %s: %s\n", argv[5], strerror(errno)); + exit(-1); + } else { +- char line[4096]; +- fscanf(fp, "%s", line); +- up = malloc(sizeof(line)); ++ char line[1024]; ++ fscanf(fp, "%1023s", line); + up = line; + fclose(fp); + } +@@ -249,11 +248,12 @@ + /* there's probably a better way to do this */ + if (setup == 0) { + if (FD_ISSET(csock, &rfd)) { +- len = read(csock, buffer, sizeof(buffer)); ++ len = read(csock, buffer, sizeof(buffer) -1); + if (len<=0) + break; + else { +- sscanf(buffer,"%s%d%[^\n]",version,&code,descr); ++ buffer[len] = '\0'; ++ sscanf(buffer,"%256s%3d%[^\n]",version,&code,descr); + if ((strncmp(version,"HTTP/",5) == 0) && (code >= 200) && (code < 300)) + setup = 1; + else { |