author | Michael Nottebrock <lofi@FreeBSD.org> | 2005-01-01 13:36:18 +0000 |
---|---|---|
committer | Michael Nottebrock <lofi@FreeBSD.org> | 2005-01-01 13:36:18 +0000 |
commit | 18e5ca604b79a485db6901aa8f4e8749df21e407 (patch) | |
tree | fc0df8bfcc0db194b240ddeeff9c352c6051eb48 /x11/kdelibs3 | |
parent | Fix build. (diff) |
Patch ftp kioslave command injection vulnerability.
References:
http://www.securityfocus.com/bid/11827
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1165
Approved by: portmgr
Diffstat (limited to 'x11/kdelibs3')
-rw-r--r-- | x11/kdelibs3/Makefile | 2 | ||||
-rw-r--r-- | x11/kdelibs3/files/patch-post-3.3.2-kdelibs-kioslave | 18 |
2 files changed, 19 insertions, 1 deletions
diff --git a/x11/kdelibs3/Makefile b/x11/kdelibs3/Makefile
index d648e6186e23..ac1cd5c03b6b 100644
--- a/x11/kdelibs3/Makefile
+++ b/x11/kdelibs3/Makefile
@@ -8,7 +8,7 @@
 PORTNAME= kdelibs
 PORTVERSION= ${KDE_VERSION}
-PORTREVISION= 1
+PORTREVISION= 2
 CATEGORIES= x11 kde
 MASTER_SITES= ${MASTER_SITE_KDE}
 MASTER_SITE_SUBDIR= stable/${PORTVERSION:S/.0//}/src
diff --git a/x11/kdelibs3/files/patch-post-3.3.2-kdelibs-kioslave b/x11/kdelibs3/files/patch-post-3.3.2-kdelibs-kioslave
new file mode 100644
index 000000000000..18dc66b03367
--- /dev/null
+++ b/x11/kdelibs3/files/patch-post-3.3.2-kdelibs-kioslave
@@ -0,0 +1,18 @@
+diff -b -p -u -r1.213.2.1 -r1.213.2.2
+--- kioslave/ftp/ftp.cc 21 Sep 2004 16:17:56 -0000 1.213.2.1
++++ kioslave/ftp/ftp.cc 26 Dec 2004 00:29:54 -0000 1.213.2.2
+@@ -751,6 +751,14 @@ bool Ftp::ftpSendCmd( const QCString& cm
+ {
+ assert(m_control != NULL); // must have control connection socket
+
++ if ( cmd.find( '\r' ) != -1 || cmd.find( '\n' ) != -1)
++ {
++ kdWarning(7102) << "Invalid command received (contains CR or LF): "
++ << cmd.data() << endl;
++ error( ERR_UNSUPPORTED_ACTION, m_host );
++ return false;
++ }
++
+ // Don't print out the password...
+ bool isPassCmd = (cmd.left(4).lower() == "pass");
+ if ( !isPassCmd ) |
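Review bot: The added warning in `Ftp::ftpSendCmd` streams `cmd.data()` to the log ahead of the `isPassCmd` test that follows it, so a rejected `PASS` command (a password carrying CR or LF) is written to the debug output in clear, together with the raw line-break bytes that can split the log entry. The code right after the check visibly avoids printing the password, so the rejection path should do the same: log a fixed message such as `kdWarning(7102) << "Invalid command received (contains CR or LF)" << endl;`, or compute `isPassCmd` first and print the command only when it is false. A one-line comment above the check, e.g. `// Reject embedded CR/LF: each would start a new command on the control connection`, would record why the test sits at this single send point. The body of `ftpSendCmd` continues past the end of the hunk, so how the error is surfaced to callers is not visible here.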