summaryrefslogtreecommitdiff
path: root/x11/kdelibs3
diff options
context:
space:
mode:
authorMichael Nottebrock <lofi@FreeBSD.org>2005-01-01 13:36:18 +0000
committerMichael Nottebrock <lofi@FreeBSD.org>2005-01-01 13:36:18 +0000
commit18e5ca604b79a485db6901aa8f4e8749df21e407 (patch)
treefc0df8bfcc0db194b240ddeeff9c352c6051eb48 /x11/kdelibs3
parentFix build. (diff)
Patch ftp kioslave command injection vulnerability.
References: http://www.securityfocus.com/bid/11827 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1165 Approved by: portmgr
Diffstat (limited to 'x11/kdelibs3')
-rw-r--r--x11/kdelibs3/Makefile2
-rw-r--r--x11/kdelibs3/files/patch-post-3.3.2-kdelibs-kioslave18
2 files changed, 19 insertions, 1 deletions
diff --git a/x11/kdelibs3/Makefile b/x11/kdelibs3/Makefile
index d648e6186e23..ac1cd5c03b6b 100644
--- a/x11/kdelibs3/Makefile
+++ b/x11/kdelibs3/Makefile
@@ -8,7 +8,7 @@
PORTNAME= kdelibs
PORTVERSION= ${KDE_VERSION}
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES= x11 kde
MASTER_SITES= ${MASTER_SITE_KDE}
MASTER_SITE_SUBDIR= stable/${PORTVERSION:S/.0//}/src
diff --git a/x11/kdelibs3/files/patch-post-3.3.2-kdelibs-kioslave b/x11/kdelibs3/files/patch-post-3.3.2-kdelibs-kioslave
new file mode 100644
index 000000000000..18dc66b03367
--- /dev/null
+++ b/x11/kdelibs3/files/patch-post-3.3.2-kdelibs-kioslave
@@ -0,0 +1,18 @@
+diff -b -p -u -r1.213.2.1 -r1.213.2.2
+--- kioslave/ftp/ftp.cc 21 Sep 2004 16:17:56 -0000 1.213.2.1
++++ kioslave/ftp/ftp.cc 26 Dec 2004 00:29:54 -0000 1.213.2.2
+@@ -751,6 +751,14 @@ bool Ftp::ftpSendCmd( const QCString& cm
+ {
+ assert(m_control != NULL); // must have control connection socket
+
++ if ( cmd.find( '\r' ) != -1 || cmd.find( '\n' ) != -1)
++ {
++ kdWarning(7102) << "Invalid command received (contains CR or LF): "
++ << cmd.data() << endl;
++ error( ERR_UNSUPPORTED_ACTION, m_host );
++ return false;
++ }
++
+ // Don't print out the password...
+ bool isPassCmd = (cmd.left(4).lower() == "pass");
+ if ( !isPassCmd )