From 28840701c73f97e66da04e499313efa486737b8e Mon Sep 17 00:00:00 2001 From: Niels Heinen Date: Tue, 1 Feb 2005 09:20:40 +0000 Subject: [PATCH] Fixed a buffer overflow vulnerability in the NNTP server response handling code. Approved by: nectar (mentor), maintainer VuXML: http://vuxml.freebsd.org/7f13607b-6948-11d9-8937-00065be4b5b6.html --- news/newspost/Makefile | 1 + news/newspost/files/patch-base::socket.c | 11 +++++++++++ 2 files changed, 12 insertions(+) create mode 100644 news/newspost/files/patch-base::socket.c diff --git a/news/newspost/Makefile b/news/newspost/Makefile index 64bc822aa0c2..54875ae7a63c 100644 --- a/news/newspost/Makefile +++ b/news/newspost/Makefile @@ -8,6 +8,7 @@ PORTNAME= newspost PORTVERSION= 2.1.1 +PORTREVISION= 1 CATEGORIES= news MASTER_SITES= http://newspost.unixcab.org/download/ diff --git a/news/newspost/files/patch-base::socket.c b/news/newspost/files/patch-base::socket.c new file mode 100644 index 000000000000..d7dbf7b75d6b --- /dev/null +++ b/news/newspost/files/patch-base::socket.c @@ -0,0 +1,11 @@ +--- base/socket.c.orig Tue Jan 18 11:08:02 2005 ++++ base/socket.c Tue Jan 18 11:10:08 2005 +@@ -126,7 +126,7 @@ + + i = 0; + pi = buffer; +- while (TRUE) { ++ while (read_count < STRING_BUFSIZE - 1) { + retval = read(sockfd, pi, 1); + if(retval < 0) + ui_socket_error(errno);