diff options
| author | Jacques Vidrine <nectar@FreeBSD.org> | 2004-05-19 20:22:03 +0000 |
|---|---|---|
| committer | Jacques Vidrine <nectar@FreeBSD.org> | 2004-05-19 20:22:03 +0000 |
| commit | 343dd5f453e82c8699bf893fd1d25357cb0f89ed (patch) | |
| tree | b30f3fba7e1e3d4646f211aae5f28e255f06ab9c /www/neon28 | |
| parent | Add subversion and neon date parsing vulnerabilities. (diff) | |
Correct an exploitable vulnerability in neon's date parsing.
http://vuxml.freebsd.org/8d075001-a9ce-11d8-9c6d-0020ed76ef5a.html
The patch was supplied by Joe Orton.
Notes
Notes:
svn path=/head/; revision=109519
Diffstat (limited to 'www/neon28')
| -rw-r--r-- | www/neon28/Makefile | 1 | ||||
| -rw-r--r-- | www/neon28/files/patch-ne_dates.c | 43 |
2 files changed, 44 insertions, 0 deletions
diff --git a/www/neon28/Makefile b/www/neon28/Makefile index fd1718d4577e..5733123b0945 100644 --- a/www/neon28/Makefile +++ b/www/neon28/Makefile @@ -7,6 +7,7 @@ PORTNAME= neon PORTVERSION= 0.24.5 +PORTREVISION= 1 CATEGORIES= www MASTER_SITES= http://www.webdav.org/neon/ diff --git a/www/neon28/files/patch-ne_dates.c b/www/neon28/files/patch-ne_dates.c new file mode 100644 index 000000000000..2a1ba4ae826d --- /dev/null +++ b/www/neon28/files/patch-ne_dates.c @@ -0,0 +1,43 @@ +Index: src/ne_dates.c +=================================================================== +RCS file: /home/cvs/neon/src/ne_dates.c,v +retrieving revision 1.28.2.1 +diff -u -r1.28.2.1 ne_dates.c +--- src/ne_dates.c 2 May 2004 16:00:35 -0000 1.28.2.1 ++++ src/ne_dates.c 2 May 2004 18:21:53 -0000 +@@ -47,7 +47,7 @@ + /* RFC1123: Sun, 06 Nov 1994 08:49:37 GMT */ + #define RFC1123_FORMAT "%3s, %02d %3s %4d %02d:%02d:%02d GMT" + /* RFC850: Sunday, 06-Nov-94 08:49:37 GMT */ +-#define RFC1036_FORMAT "%s %2d-%3s-%2d %2d:%2d:%2d GMT" ++#define RFC1036_FORMAT "%10s %2d-%3s-%2d %2d:%2d:%2d GMT" + /* asctime: Wed Jun 30 21:49:08 1993 */ + #define ASCTIME_FORMAT "%3s %3s %2d %2d:%2d:%2d %4d" + +@@ -133,7 +133,7 @@ + time_t ne_rfc1123_parse(const char *date) + { + struct tm gmt = {0}; +- static char wkday[4], mon[4]; ++ char wkday[4], mon[4]; + int n; + /* it goes: Sun, 06 Nov 1994 08:49:37 GMT */ + n = sscanf(date, RFC1123_FORMAT, +@@ -156,7 +156,7 @@ + { + struct tm gmt = {0}; + int n; +- static char wkday[10], mon[4]; ++ char wkday[11], mon[4]; + /* RFC850/1036 style dates: Sunday, 06-Nov-94 08:49:37 GMT */ + n = sscanf(date, RFC1036_FORMAT, + wkday, &gmt.tm_mday, mon, &gmt.tm_year, +@@ -189,7 +189,7 @@ + { + struct tm gmt = {0}; + int n; +- static char wkday[4], mon[4]; ++ char wkday[4], mon[4]; + n = sscanf(date, ASCTIME_FORMAT, + wkday, mon, &gmt.tm_mday, + &gmt.tm_hour, &gmt.tm_min, &gmt.tm_sec, |