Close overflow

Submitted by: simon
author: Andrey A. Chernov <ache@FreeBSD.org> 2004-12-01 20:14:18 +0000
committer: Andrey A. Chernov <ache@FreeBSD.org> 2004-12-01 20:14:18 +0000
commit: d84e0775bba1e68c85f1d34aa90ee80c4801639d (patch)
tree: 14c278d3d633f920354fe2ca4a5250ec634f10c6 /archivers/zip
parent: Add CVE to zip vulnerability. (diff)
2 files changed, 26 insertions, 1 deletions
diff --git a/archivers/zip/Makefile b/archivers/zip/Makefile
index c624070ff6bd..d2bc4b9825dd 100644
--- a/archivers/zip/Makefile
+++ b/archivers/zip/Makefile
@@ -8,7 +8,7 @@
 
 PORTNAME=	zip
 PORTVERSION=	2.3
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	archivers
 MASTER_SITES=	ftp://ftp.uu.net/pub/archiving/zip/src/ \
 		${MASTER_SITE_TEX_CTAN:S,%SUBDIR%,tools/zip/info-zip/src/,}
diff --git a/archivers/zip/files/patch-over b/archivers/zip/files/patch-over
new file mode 100644
index 000000000000..ec03a1e132a4
--- /dev/null
+++ b/archivers/zip/files/patch-over
@@ -0,0 +1,25 @@
+--- zip-2.3/unix/unix.c.orig    2004-11-05 15:44:41.000000000 -0500
++++ unix/unix.c 2004-11-05 15:50:28.000000000 -0500
+@@ -319,8 +319,8 @@ iztimes *t;             /* return value:
+    a file size of -1 */
+ {
+   struct stat s;        /* results of stat() */
+-  char name[FNMAX];
+-  int len = strlen(f);
++  char *name;
++  size_t len = strlen(f);
+ 
+   if (f == label) {
+     if (a != NULL)
+@@ -331,6 +331,11 @@ iztimes *t;             /* return value:
+       t->atime = t->mtime = t->ctime = label_utim;
+     return label_time;
+   }
++
++  name = malloc(len+1);
++  if (!name)
++    return 0;
++
+   strcpy(name, f);
+   if (name[len - 1] == '/')
+     name[len - 1] = '\0';
author	Andrey A. Chernov <ache@FreeBSD.org>	2004-12-01 20:14:18 +0000
committer	Andrey A. Chernov <ache@FreeBSD.org>	2004-12-01 20:14:18 +0000
commit	d84e0775bba1e68c85f1d34aa90ee80c4801639d (patch)
tree	14c278d3d633f920354fe2ca4a5250ec634f10c6 /archivers/zip
parent	Add CVE to zip vulnerability. (diff)