summaryrefslogtreecommitdiff
path: root/x11-servers
diff options
context:
space:
mode:
authorDag-Erling Smørgrav <des@FreeBSD.org>2004-02-12 20:16:05 +0000
committerDag-Erling Smørgrav <des@FreeBSD.org>2004-02-12 20:16:05 +0000
commit64c03a02adf61c00cc5e5d4f85e9205709e0b97b (patch)
treefa23661be43bce463873dc20e847b725550e08eb /x11-servers
parentFix build after kde 3.2 (diff)
Fix several buffer overflow issues in the fontpath handling code.
Remove an earlier patch which only partially addressed these issues. Approved by: so
Diffstat (limited to 'x11-servers')
-rw-r--r--x11-servers/XFree86-4-Server-snap/Makefile2
-rw-r--r--x11-servers/XFree86-4-Server-snap/files/patch-dirfile.c13
-rw-r--r--x11-servers/XFree86-4-Server-snap/files/patch-xc::lib::font::fontfile185
-rw-r--r--x11-servers/XFree86-4-Server/Makefile4
-rw-r--r--x11-servers/XFree86-4-Server/files/patch-dirfile.c13
-rw-r--r--x11-servers/XFree86-4-Server/files/patch-xc::lib::font::fontfile185
6 files changed, 373 insertions, 29 deletions
diff --git a/x11-servers/XFree86-4-Server-snap/Makefile b/x11-servers/XFree86-4-Server-snap/Makefile
index ccd8a0f89e7b..c2d3e1ba6624 100644
--- a/x11-servers/XFree86-4-Server-snap/Makefile
+++ b/x11-servers/XFree86-4-Server-snap/Makefile
@@ -7,7 +7,7 @@
PORTNAME= Server
PORTVERSION= 4.3.99.15
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES= x11-servers
MASTER_SITES= ${MASTER_SITE_XFREE:S|source/||:S/$/:x/} \
${MASTER_SITE_LOCAL:S/$/:local/}
diff --git a/x11-servers/XFree86-4-Server-snap/files/patch-dirfile.c b/x11-servers/XFree86-4-Server-snap/files/patch-dirfile.c
deleted file mode 100644
index b0891cdd6ea8..000000000000
--- a/x11-servers/XFree86-4-Server-snap/files/patch-dirfile.c
+++ /dev/null
@@ -1,13 +0,0 @@
---- lib/font/fontfile/dirfile.c.orig Fri May 31 20:45:50 2002
-+++ lib/font/fontfile/dirfile.c Thu Feb 5 00:19:57 2004
-@@ -286,6 +286,10 @@
- status = AllocError;
- break;
- case NAME:
-+ if (strlen(lexToken) >= sizeof(alias)) {
-+ status = BadFontPath;
-+ break;
-+ }
- strcpy(alias, lexToken);
- token = lexAlias(file, &lexToken);
- switch (token) {
diff --git a/x11-servers/XFree86-4-Server-snap/files/patch-xc::lib::font::fontfile b/x11-servers/XFree86-4-Server-snap/files/patch-xc::lib::font::fontfile
new file mode 100644
index 000000000000..def6a519f7c1
--- /dev/null
+++ b/x11-servers/XFree86-4-Server-snap/files/patch-xc::lib::font::fontfile
@@ -0,0 +1,185 @@
+Index: lib/font/fontfile/dirfile.c
+===================================================================
+RCS file: /home/x-cvs/xc/lib/font/fontfile/dirfile.c,v
+retrieving revision 3.15
+diff -u -r3.15 dirfile.c
+--- dirfile.c 31 May 2002 18:45:50 -0000 3.15
++++ dirfile.c 11 Feb 2004 21:17:20 -0000
+@@ -68,6 +68,9 @@
+
+ FontDirectoryPtr dir = NullFontDirectory;
+
++ if (strlen(directory) + 1 + sizeof(FontDirFile) > sizeof(dir_file))
++ return BadFontPath;
++
+ #ifdef FONTDIRATTRIB
+ /* Check for font directory attributes */
+ #ifndef __UNIXOS2__
+@@ -154,6 +157,9 @@
+ char dir_file[MAXFONTFILENAMELEN];
+ struct stat statb;
+
++ if (strlen(dir->directory) + sizeof(FontDirFile) > sizeof(dir_file))
++ return FALSE;
++
+ strcpy (dir_file, dir->directory);
+ strcat (dir_file, FontDirFile);
+ if (stat (dir_file, &statb) == -1)
+@@ -202,6 +208,8 @@
+ continue;
+
+ len = strlen (fileName) - renderer->fileSuffixLen;
++ if (len >= sizeof(copy))
++ continue;
+ CopyISOLatin1Lowered (copy, fileName, len);
+ copy[len] = '\0';
+ name.name = copy;
+@@ -251,9 +259,13 @@
+ int status = Successful;
+ struct stat statb;
+
++ if (strlen(directory) >= sizeof(alias_file))
++ return BadFontPath;
+ dir = *pdir;
+ strcpy(alias_file, directory);
+ if (!isFile) {
++ if (strlen(directory) + 1 + sizeof(FontAliasFile) > sizeof(alias_file))
++ return BadFontPath;
+ if (directory[strlen(directory) - 1] != '/')
+ strcat(alias_file, "/");
+ strcat(alias_file, FontAliasFile);
+@@ -286,6 +298,10 @@
+ status = AllocError;
+ break;
+ case NAME:
++ if (strlen(lexToken) >= sizeof(alias)) {
++ status = BadFontPath;
++ break;
++ }
+ strcpy(alias, lexToken);
+ token = lexAlias(file, &lexToken);
+ switch (token) {
+@@ -302,6 +318,10 @@
+ status = AllocError;
+ break;
+ case NAME:
++ if (strlen(lexToken) >= sizeof(font_name)) {
++ status = BadFontPath;
++ break;
++ }
+ CopyISOLatin1Lowered(alias, alias, strlen(alias));
+ CopyISOLatin1Lowered(font_name, lexToken, strlen(lexToken));
+ if (!FontFileAddFontAlias (dir, alias, font_name))
+Index: lib/font/fontfile/encparse.c
+===================================================================
+RCS file: /home/x-cvs/xc/lib/font/fontfile/encparse.c,v
+retrieving revision 1.18
+diff -u -r1.18 encparse.c
+--- encparse.c 2 Nov 2001 03:06:40 -0000 1.18
++++ encparse.c 11 Feb 2004 21:17:20 -0000
+@@ -833,6 +833,7 @@
+ char file_name[MAXFONTFILENAMELEN], encoding_name[MAXFONTNAMELEN],
+ buf[MAXFONTFILENAMELEN];
+ int count, n;
++ static char format[24] = "";
+
+ /* As we don't really expect to open encodings that often, we don't
+ take the trouble of caching encodings directories. */
+@@ -848,8 +849,12 @@
+ }
+
+ encoding = NULL;
++ if (!format[0]) {
++ sprintf(format, "%%%ds %%%d[^\n]\n", sizeof(encoding_name) - 1,
++ sizeof(file_name) - 1);
++ }
+ for(;;) {
+- count = fscanf(file, "%s %[^\n]\n", encoding_name, file_name);
++ count = fscanf(file, format, encoding_name, file_name);
+ if(count == EOF)
+ break;
+ if(count != 2)
+Index: lib/font/fontfile/fontfile.c
+===================================================================
+RCS file: /home/x-cvs/xc/lib/font/fontfile/fontfile.c,v
+retrieving revision 3.16
+diff -u -r3.16 fontfile.c
+--- fontfile.c 31 May 2002 18:45:50 -0000 3.16
++++ fontfile.c 11 Feb 2004 21:17:20 -0000
+@@ -424,11 +424,16 @@
+ vals.ranges = ranges;
+ vals.nranges = nranges;
+
+- strcpy (fileName, dir->directory);
+- strcat (fileName, scalable->fileName);
+- ret = (*scalable->renderer->OpenScalable) (fpe, pFont,
++ if (strlen(dir->directory) + strlen(scalable->fileName) >=
++ sizeof(fileName)) {
++ ret = BadFontName;
++ } else {
++ strcpy (fileName, dir->directory);
++ strcat (fileName, scalable->fileName);
++ ret = (*scalable->renderer->OpenScalable) (fpe, pFont,
+ flags, entry, fileName, &vals, format, fmask,
+ non_cachable_font);
++ }
+
+ /* In case rasterizer does something bad because of
+ charset subsetting... */
+@@ -497,6 +502,8 @@
+
+ dir = (FontDirectoryPtr) fpe->private;
+ bitmap = &entry->u.bitmap;
++ if (strlen(dir->directory) + strlen(bitmap->fileName) >= sizeof(fileName))
++ return BadFontName;
+ strcpy (fileName, dir->directory);
+ strcat (fileName, bitmap->fileName);
+ ret = (*bitmap->renderer->OpenBitmap)
+@@ -530,6 +537,8 @@
+
+ dir = (FontDirectoryPtr) fpe->private;
+ bitmap = &entry->u.bitmap;
++ if (strlen(dir->directory) + strlen(bitmap->fileName) >= sizeof(fileName))
++ return BadFontName;
+ strcpy (fileName, dir->directory);
+ strcat (fileName, bitmap->fileName);
+ ret = (*bitmap->renderer->GetInfoBitmap) (fpe, pFontInfo, entry, fileName);
+@@ -891,10 +900,15 @@
+ vals.ranges = FontParseRanges(origName, &vals.nranges);
+ ranges = vals.ranges;
+ /* Make a new scaled instance */
+- strcpy (fileName, dir->directory);
+- strcat (fileName, scalable->fileName);
+- ret = (*scalable->renderer->GetInfoScalable)
+- (fpe, *pFontInfo, entry, &tmpName, fileName, &vals);
++ if (strlen(dir->directory) + strlen(scalable->fileName) >=
++ sizeof(fileName)) {
++ ret = BadFontName;
++ } else {
++ strcpy (fileName, dir->directory);
++ strcat (fileName, scalable->fileName);
++ ret = (*scalable->renderer->GetInfoScalable)
++ (fpe, *pFontInfo, entry, &tmpName, fileName, &vals);
++ }
+ if (ranges) xfree(ranges);
+ }
+ }
+@@ -931,10 +945,15 @@
+ bc = &entry->u.bc;
+ entry = bc->entry;
+ /* Make a new scaled instance */
+- strcpy (fileName, dir->directory);
+- strcat (fileName, scalable->fileName);
+- ret = (*scalable->renderer->GetInfoScalable)
++ if (strlen(dir->directory) + strlen(scalable->fileName) >=
++ sizeof(fileName)) {
++ ret = BadFontName;
++ } else {
++ strcpy (fileName, dir->directory);
++ strcat (fileName, scalable->fileName);
++ ret = (*scalable->renderer->GetInfoScalable)
+ (fpe, *pFontInfo, entry, tmpName, fileName, &bc->vals);
++ }
+ break;
+ #endif
+ default:
diff --git a/x11-servers/XFree86-4-Server/Makefile b/x11-servers/XFree86-4-Server/Makefile
index ad0cd4d35251..75f2abd0bd94 100644
--- a/x11-servers/XFree86-4-Server/Makefile
+++ b/x11-servers/XFree86-4-Server/Makefile
@@ -7,7 +7,7 @@
PORTNAME= Server
PORTVERSION= 4.3.0
-PORTREVISION= 13
+PORTREVISION= 14
CATEGORIES= x11-servers
MASTER_SITES= ${MASTER_SITE_XFREE:S/$/:x/} \
${MASTER_SITE_LOCAL:S/$/:local/}
@@ -36,7 +36,6 @@ EXTRA_PATCHES+= \
${FILESDIR}/patch-bus-Imakefile \
${FILESDIR}/patch-bus_Imakefile \
${FILESDIR}/patch-compiler.h \
- ${FILESDIR}/patch-dirfile.c \
${FILESDIR}/patch-elfloader.c \
${FILESDIR}/patch-freebsdPci.c \
${FILESDIR}/patch-ftfuncs.c \
@@ -57,6 +56,7 @@ EXTRA_PATCHES+= \
${FILESDIR}/patch-savage-pci-id \
${FILESDIR}/patch-smi \
${FILESDIR}/patch-sunffb_Imakefile \
+ ${FILESDIR}/patch-xc::lib::font::fontfile \
${FILESDIR}/patch-xf86-common-Imakefile \
${FILESDIR}/patch-xf86Events.c \
${FILESDIR}/patch-xf86Sbus.h \
diff --git a/x11-servers/XFree86-4-Server/files/patch-dirfile.c b/x11-servers/XFree86-4-Server/files/patch-dirfile.c
deleted file mode 100644
index b0891cdd6ea8..000000000000
--- a/x11-servers/XFree86-4-Server/files/patch-dirfile.c
+++ /dev/null
@@ -1,13 +0,0 @@
---- lib/font/fontfile/dirfile.c.orig Fri May 31 20:45:50 2002
-+++ lib/font/fontfile/dirfile.c Thu Feb 5 00:19:57 2004
-@@ -286,6 +286,10 @@
- status = AllocError;
- break;
- case NAME:
-+ if (strlen(lexToken) >= sizeof(alias)) {
-+ status = BadFontPath;
-+ break;
-+ }
- strcpy(alias, lexToken);
- token = lexAlias(file, &lexToken);
- switch (token) {
diff --git a/x11-servers/XFree86-4-Server/files/patch-xc::lib::font::fontfile b/x11-servers/XFree86-4-Server/files/patch-xc::lib::font::fontfile
new file mode 100644
index 000000000000..def6a519f7c1
--- /dev/null
+++ b/x11-servers/XFree86-4-Server/files/patch-xc::lib::font::fontfile
@@ -0,0 +1,185 @@
+Index: lib/font/fontfile/dirfile.c
+===================================================================
+RCS file: /home/x-cvs/xc/lib/font/fontfile/dirfile.c,v
+retrieving revision 3.15
+diff -u -r3.15 dirfile.c
+--- dirfile.c 31 May 2002 18:45:50 -0000 3.15
++++ dirfile.c 11 Feb 2004 21:17:20 -0000
+@@ -68,6 +68,9 @@
+
+ FontDirectoryPtr dir = NullFontDirectory;
+
++ if (strlen(directory) + 1 + sizeof(FontDirFile) > sizeof(dir_file))
++ return BadFontPath;
++
+ #ifdef FONTDIRATTRIB
+ /* Check for font directory attributes */
+ #ifndef __UNIXOS2__
+@@ -154,6 +157,9 @@
+ char dir_file[MAXFONTFILENAMELEN];
+ struct stat statb;
+
++ if (strlen(dir->directory) + sizeof(FontDirFile) > sizeof(dir_file))
++ return FALSE;
++
+ strcpy (dir_file, dir->directory);
+ strcat (dir_file, FontDirFile);
+ if (stat (dir_file, &statb) == -1)
+@@ -202,6 +208,8 @@
+ continue;
+
+ len = strlen (fileName) - renderer->fileSuffixLen;
++ if (len >= sizeof(copy))
++ continue;
+ CopyISOLatin1Lowered (copy, fileName, len);
+ copy[len] = '\0';
+ name.name = copy;
+@@ -251,9 +259,13 @@
+ int status = Successful;
+ struct stat statb;
+
++ if (strlen(directory) >= sizeof(alias_file))
++ return BadFontPath;
+ dir = *pdir;
+ strcpy(alias_file, directory);
+ if (!isFile) {
++ if (strlen(directory) + 1 + sizeof(FontAliasFile) > sizeof(alias_file))
++ return BadFontPath;
+ if (directory[strlen(directory) - 1] != '/')
+ strcat(alias_file, "/");
+ strcat(alias_file, FontAliasFile);
+@@ -286,6 +298,10 @@
+ status = AllocError;
+ break;
+ case NAME:
++ if (strlen(lexToken) >= sizeof(alias)) {
++ status = BadFontPath;
++ break;
++ }
+ strcpy(alias, lexToken);
+ token = lexAlias(file, &lexToken);
+ switch (token) {
+@@ -302,6 +318,10 @@
+ status = AllocError;
+ break;
+ case NAME:
++ if (strlen(lexToken) >= sizeof(font_name)) {
++ status = BadFontPath;
++ break;
++ }
+ CopyISOLatin1Lowered(alias, alias, strlen(alias));
+ CopyISOLatin1Lowered(font_name, lexToken, strlen(lexToken));
+ if (!FontFileAddFontAlias (dir, alias, font_name))
+Index: lib/font/fontfile/encparse.c
+===================================================================
+RCS file: /home/x-cvs/xc/lib/font/fontfile/encparse.c,v
+retrieving revision 1.18
+diff -u -r1.18 encparse.c
+--- encparse.c 2 Nov 2001 03:06:40 -0000 1.18
++++ encparse.c 11 Feb 2004 21:17:20 -0000
+@@ -833,6 +833,7 @@
+ char file_name[MAXFONTFILENAMELEN], encoding_name[MAXFONTNAMELEN],
+ buf[MAXFONTFILENAMELEN];
+ int count, n;
++ static char format[24] = "";
+
+ /* As we don't really expect to open encodings that often, we don't
+ take the trouble of caching encodings directories. */
+@@ -848,8 +849,12 @@
+ }
+
+ encoding = NULL;
++ if (!format[0]) {
++ sprintf(format, "%%%ds %%%d[^\n]\n", sizeof(encoding_name) - 1,
++ sizeof(file_name) - 1);
++ }
+ for(;;) {
+- count = fscanf(file, "%s %[^\n]\n", encoding_name, file_name);
++ count = fscanf(file, format, encoding_name, file_name);
+ if(count == EOF)
+ break;
+ if(count != 2)
+Index: lib/font/fontfile/fontfile.c
+===================================================================
+RCS file: /home/x-cvs/xc/lib/font/fontfile/fontfile.c,v
+retrieving revision 3.16
+diff -u -r3.16 fontfile.c
+--- fontfile.c 31 May 2002 18:45:50 -0000 3.16
++++ fontfile.c 11 Feb 2004 21:17:20 -0000
+@@ -424,11 +424,16 @@
+ vals.ranges = ranges;
+ vals.nranges = nranges;
+
+- strcpy (fileName, dir->directory);
+- strcat (fileName, scalable->fileName);
+- ret = (*scalable->renderer->OpenScalable) (fpe, pFont,
++ if (strlen(dir->directory) + strlen(scalable->fileName) >=
++ sizeof(fileName)) {
++ ret = BadFontName;
++ } else {
++ strcpy (fileName, dir->directory);
++ strcat (fileName, scalable->fileName);
++ ret = (*scalable->renderer->OpenScalable) (fpe, pFont,
+ flags, entry, fileName, &vals, format, fmask,
+ non_cachable_font);
++ }
+
+ /* In case rasterizer does something bad because of
+ charset subsetting... */
+@@ -497,6 +502,8 @@
+
+ dir = (FontDirectoryPtr) fpe->private;
+ bitmap = &entry->u.bitmap;
++ if (strlen(dir->directory) + strlen(bitmap->fileName) >= sizeof(fileName))
++ return BadFontName;
+ strcpy (fileName, dir->directory);
+ strcat (fileName, bitmap->fileName);
+ ret = (*bitmap->renderer->OpenBitmap)
+@@ -530,6 +537,8 @@
+
+ dir = (FontDirectoryPtr) fpe->private;
+ bitmap = &entry->u.bitmap;
++ if (strlen(dir->directory) + strlen(bitmap->fileName) >= sizeof(fileName))
++ return BadFontName;
+ strcpy (fileName, dir->directory);
+ strcat (fileName, bitmap->fileName);
+ ret = (*bitmap->renderer->GetInfoBitmap) (fpe, pFontInfo, entry, fileName);
+@@ -891,10 +900,15 @@
+ vals.ranges = FontParseRanges(origName, &vals.nranges);
+ ranges = vals.ranges;
+ /* Make a new scaled instance */
+- strcpy (fileName, dir->directory);
+- strcat (fileName, scalable->fileName);
+- ret = (*scalable->renderer->GetInfoScalable)
+- (fpe, *pFontInfo, entry, &tmpName, fileName, &vals);
++ if (strlen(dir->directory) + strlen(scalable->fileName) >=
++ sizeof(fileName)) {
++ ret = BadFontName;
++ } else {
++ strcpy (fileName, dir->directory);
++ strcat (fileName, scalable->fileName);
++ ret = (*scalable->renderer->GetInfoScalable)
++ (fpe, *pFontInfo, entry, &tmpName, fileName, &vals);
++ }
+ if (ranges) xfree(ranges);
+ }
+ }
+@@ -931,10 +945,15 @@
+ bc = &entry->u.bc;
+ entry = bc->entry;
+ /* Make a new scaled instance */
+- strcpy (fileName, dir->directory);
+- strcat (fileName, scalable->fileName);
+- ret = (*scalable->renderer->GetInfoScalable)
++ if (strlen(dir->directory) + strlen(scalable->fileName) >=
++ sizeof(fileName)) {
++ ret = BadFontName;
++ } else {
++ strcpy (fileName, dir->directory);
++ strcat (fileName, scalable->fileName);
++ ret = (*scalable->renderer->GetInfoScalable)
+ (fpe, *pFontInfo, entry, tmpName, fileName, &bc->vals);
++ }
+ break;
+ #endif
+ default: