author | Joe Marcus Clarke <marcus@FreeBSD.org> | 2009-06-14 02:59:30 +0000 |
---|---|---|
committer | Joe Marcus Clarke <marcus@FreeBSD.org> | 2009-06-14 02:59:30 +0000 |
commit | 8b0834a81a687576d26a11ffda1eb701f6a5388f (patch) | |
tree | 35eaf5c9ce7c42d7af3e7236d4a608bd75cfc74d /net/netatalk/files/patch-CVE-2008-5718 | |
parent | Update to 3.6.4. (diff) |
Update to 2.0.4.
PR: 135319
Submitted by: Wang Lam <wlam+fbd@blanksquare.net> (based on)
Notes
Notes:
svn path=/head/; revision=235802
Diffstat (limited to 'net/netatalk/files/patch-CVE-2008-5718')
-rw-r--r-- | net/netatalk/files/patch-CVE-2008-5718 | 143 |
1 files changed, 0 insertions, 143 deletions
diff --git a/net/netatalk/files/patch-CVE-2008-5718 b/net/netatalk/files/patch-CVE-2008-5718
deleted file mode 100644
index f5befd427e20..000000000000
--- a/net/netatalk/files/patch-CVE-2008-5718
+++ /dev/null
@@ -1,143 +0,0 @@
---- etc/papd/lp.c 2005/04/28 20:49:49 1.15
-+++ etc/papd/lp.c 2008/08/14 20:02:47 1.16
-@@ -258,9 +258,9 @@
- destlen -= len;
- }
-
-- /* stuff up to next $ */
-+ /* stuff up to next % */
- src = p + 2;
-- p = strchr(src, '$');
-+ p = strchr(src, '%');
- len = p ? MIN((size_t)(p - src), destlen) : destlen;
- if (len > 0) {
- strncpy(dest, src, len);
-
---- etc/papd/lp.c 2008/08/14 20:02:47 1.16
-+++ etc/papd/lp.c 2008/08/14 20:18:50 1.17
-@@ -212,10 +212,37 @@
-
- #define is_var(a, b) (strncmp((a), (b), 2) == 0)
-
-+static size_t quote(char *dest, char *src, const size_t bsize, size_t len)
-+{
-+size_t used = 0;
-+
-+ while (len && used < bsize ) {
-+ switch (*src) {
-+ case '$':
-+ case '\\':
-+ case '"':
-+ case '`':
-+ if (used + 2 > bsize )
-+ return used;
-+ *dest = '\\';
-+ dest++;
-+ used++;
-+ break;
-+ }
-+ *dest = *src;
-+ src++;
-+ dest++;
-+ len--;
-+ used++;
-+ }
-+ return used;
-+}
-+
-+
- static char* pipexlate(char *src)
- {
- char *p, *q, *dest;
-- static char destbuf[MAXPATHLEN];
-+ static char destbuf[MAXPATHLEN +1];
- size_t destlen = MAXPATHLEN;
- int len = 0;
-
-@@ -224,13 +251,15 @@
- if (!src)
- return NULL;
-
-- strncpy(dest, src, MAXPATHLEN);
-- if ((p = strchr(src, '%')) == NULL) /* nothing to do */
-+ memset(dest, 0, MAXPATHLEN +1);
-+ if ((p = strchr(src, '%')) == NULL) { /* nothing to do */
-+ strncpy(dest, src, MAXPATHLEN);
- return destbuf;
--
-- /* first part of the path. just forward to the next variable. */
-+ }
-+ /* first part of the path. copy and forward to the next variable. */
- len = MIN((size_t)(p - src), destlen);
- if (len > 0) {
-+ strncpy(dest, src, len);
- destlen -= len;
- dest += len;
- }
-@@ -246,17 +275,20 @@
- q = lp.lp_created_for;
- } else if (is_var(p, "%%")) {
- q = "%";
-- } else
-- q = p;
-+ }
-
- /* copy the stuff over. if we don't understand something that we
- * should, just skip it over. */
- if (q) {
-- len = MIN(p == q ? 2 : strlen(q), destlen);
-+ len = MIN(strlen(q), destlen);
-+ len = quote(dest, q, destlen, len);
-+ }
-+ else {
-+ len = MIN(2, destlen);
- strncpy(dest, q, len);
-- dest += len;
-- destlen -= len;
- }
-+ dest += len;
-+ destlen -= len;
-
- /* stuff up to next % */
- src = p + 2;
---- etc/papd/lp.c 2009/01/21 02:43:46 1.21
-+++ etc/papd/lp.c 2009/01/28 18:03:15 1.22
-@@ -217,7 +217,26 @@
- case '$':
- case '\\':
- case '"':
-+ case ';':
-+ case '&':
-+ case '(':
-+ case ')':
-+ case ' ':
-+ case '*':
-+ case '#':
-+ case '|':
-+ case '>':
-+ case '<':
-+ case '[':
-+ case ']':
-+ case '{':
-+ case '}':
-+ case '^':
-+ case '?':
-+ case '~':
- case '`':
-+ case '\x0A':
-+ case '\xFF':
- if (used + 2 > bsize )
- return used;
- *dest = '\\';
-@@ -247,9 +266,9 @@
- if (!src)
- return NULL;
-
-- memset(dest, 0, MAXPATHLEN +1);
-+ memset(dest, 0, sizeof(destbuf));
- if ((p = strchr(src, '%')) == NULL) { /* nothing to do */
-- strncpy(dest, src, MAXPATHLEN);
-+ strncpy(dest, src, sizeof(dest) - 1);
- return destbuf;
- }
- /* first part of the path. copy and forward to the next variable. */ |