diff options
author | Chris D. Faulhaber <jedgar@FreeBSD.org> | 2001-02-03 01:02:47 +0000 |
---|---|---|
committer | Chris D. Faulhaber <jedgar@FreeBSD.org> | 2001-02-03 01:02:47 +0000 |
commit | eaaa6953f836ec5d54a43f180e184579ef8d6b14 (patch) | |
tree | c738f412b4aab1af50423f942493bf44995a2437 /japanese/sj3/files | |
parent | - Mark port broken for ${OSVERSION} < 400000 (not supported); (diff) |
Fix locally-exploitable buffer overflow
Notes
Notes:
svn path=/head/; revision=37917
Diffstat (limited to 'japanese/sj3/files')
-rw-r--r-- | japanese/sj3/files/patch-aa | 46 |
1 files changed, 44 insertions, 2 deletions
diff --git a/japanese/sj3/files/patch-aa b/japanese/sj3/files/patch-aa index 8f9a43107e17..b4670f0add7f 100644 --- a/japanese/sj3/files/patch-aa +++ b/japanese/sj3/files/patch-aa @@ -359,8 +359,8 @@ diff -arcN ../sj3-2.0.1.13.org/doc/man/sj3serv.1 ./doc/man/sj3serv.1 かな漢字変換サーバ デフォルト辞書ディレクトリ .TP sj3main.dic -*** server/setup.c.orig Mon Mar 23 04:48:02 1998 ---- server/setup.c Sun Feb 6 18:48:31 2000 +*** server/setup.c.orig Mon Mar 23 05:48:02 1998 +--- server/setup.c Fri Feb 2 19:53:37 2001 *************** *** 217,251 **** @@ -457,3 +457,45 @@ diff -arcN ../sj3-2.0.1.13.org/doc/man/sj3serv.1 ./doc/man/sj3serv.1 0, 0, 0 }; +*************** +*** 424,441 **** + int c; + int errflg = 0; + char *p; + + extern char *optarg, *strrchr(); + extern int optind; + + p = (p = strrchr(argv[0], '/')) ? p + 1 : argv[0]; +! strcpy(program_name, p); +! strcpy(runcmd_file, RunCmdFile); + + while ((c = getopt(argc, argv, "f:")) != EOF) { + switch (c) { + case 'f': +! strcpy(runcmd_file, optarg); + break; + + case '?': +--- 447,467 ---- + int c; + int errflg = 0; + char *p; ++ size_t ret; + + extern char *optarg, *strrchr(); + extern int optind; + + p = (p = strrchr(argv[0], '/')) ? p + 1 : argv[0]; +! strlcpy(program_name, p, sizeof(program_name)); +! strlcpy(runcmd_file, RunCmdFile, sizeof(runcmd_file)); + + while ((c = getopt(argc, argv, "f:")) != EOF) { + switch (c) { + case 'f': +! ret = strlcpy(runcmd_file, optarg, sizeof(runcmd_file)); +! if (ret > sizeof(runcmd_file)) +! errflg++; + break; + + case '?': |