Fix for security issue.

PR:		ports/50704
Submitted by:	NAKAJI Hiroyuki <nakaji@jp.freebsd.org> (maintainer)

japanese/samba/Makefile

@@ -7,7 +7,7 @@
 
 PORTNAME=	samba
 PORTVERSION=	${SAMBA_VERSION}.j${SAMBA_JA_VERSION}
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	japanese net
 MASTER_SITES=	ftp://ftp.samba.gr.jp/pub/samba-jp/%SUBDIR%/ \
 		ftp://ftp.iij.ad.jp/pub/SAMBA/samba-jp/%SUBDIR%/ \

japanese/samba/files/patch-security

@@ -0,0 +1,103 @@
+--- smbd/ipc.c.orig	Mon Mar 17 13:17:56 2003
++++ smbd/ipc.c	Tue Apr  8 13:17:45 2003
+@@ -398,7 +398,7 @@
+   
+ 	if (tdscnt)  {
+ 		if((data = (char *)malloc(tdscnt)) == NULL) {
+-			DEBUG(0,("reply_trans: data malloc fail for %d bytes !\n", tdscnt));
++			DEBUG(0,("reply_trans: data malloc fail for %u bytes !\n", tdscnt));
+ 			END_PROFILE(SMBtrans);
+ 			return(ERROR_DOS(ERRDOS,ERRnomem));
+ 		} 
+@@ -412,7 +412,7 @@
+ 
+ 	if (tpscnt) {
+ 		if((params = (char *)malloc(tpscnt)) == NULL) {
+-			DEBUG(0,("reply_trans: param malloc fail for %d bytes !\n", tpscnt));
++			DEBUG(0,("reply_trans: param malloc fail for %u bytes !\n", tpscnt));
+ 			SAFE_FREE(data);
+ 			END_PROFILE(SMBtrans);
+ 			return(ERROR_DOS(ERRDOS,ERRnomem));
+@@ -428,7 +428,7 @@
+ 	if (suwcnt) {
+ 		int i;
+ 		if((setup = (uint16 *)malloc(suwcnt*sizeof(uint16))) == NULL) {
+-			DEBUG(0,("reply_trans: setup malloc fail for %d bytes !\n", (int)(suwcnt * sizeof(uint16))));
++			DEBUG(0,("reply_trans: setup malloc fail for %u bytes !\n", (unsigned int)(suwcnt * sizeof(uint16))));
+ 			SAFE_FREE(data);
+ 			SAFE_FREE(params);
+ 			END_PROFILE(SMBtrans);
+@@ -524,7 +524,7 @@
+ 	}
+ 	
+ 	
+-	DEBUG(3,("trans <%s> data=%d params=%d setup=%d\n",
++	DEBUG(3,("trans <%s> data=%u params=%u setup=%u\n",
+ 		 name,tdscnt,tpscnt,suwcnt));
+ 	
+ 	/*
+--- smbd/password.c.orig	Thu Nov 21 22:05:51 2002
++++ smbd/password.c	Tue Apr  8 13:17:45 2003
+@@ -816,7 +816,7 @@
+ 		if (!ok && lp_username(snum)) {
+ 			char *auser;
+ 			pstring user_list;
+-			StrnCpy(user_list,lp_username(snum),sizeof(pstring));
++			StrnCpy(user_list,lp_username(snum),sizeof(pstring)-1);
+ 
+ 			pstring_sub(user_list,"%S",lp_servicename(snum), True);
+ 	  
+--- smbd/reply.c.orig	Wed Feb  5 15:15:15 2003
++++ smbd/reply.c	Tue Apr  8 13:17:45 2003
+@@ -1490,6 +1490,9 @@
+ 
+         for (i=numentries;(i<maxentries) && !finished;i++)
+         {
++          /* check to make sure we have room in the buffer */
++	  if ( ((PTR_DIFF(p, outbuf))+DIR_STRUCT_SIZE) > BUFFER_SIZE )
++	      break;
+           finished = 
+             !get_dir_entry(conn,mask,dirtype,fname,&size,&mode,&date,check_descend);
+           if (!finished)
+@@ -3603,6 +3606,9 @@
+     
+ 
+ 		for (i=first;i<first+num_to_get;i++) {
++			/* check to make sure we have room in the buffer */
++			if ( (PTR_DIFF(p, outbuf)+28) > BUFFER_SIZE )
++				break;
+ 			put_dos_date2(p,0,queue[i].time);
+ 			SCVAL(p,4,(queue[i].status==LPQ_PRINTING?2:3));
+ 			SSVAL(p,5, queue[i].job);
+--- smbd/statcache.c.orig	Fri Nov  9 18:27:43 2001
++++ smbd/statcache.c	Tue Apr  8 13:17:45 2003
+@@ -88,7 +88,7 @@
+    * StrnCpy always null terminates.
+    */
+ 
+-  StrnCpy(orig_name, full_orig_name, namelen);
++  StrnCpy(orig_name, full_orig_name, MIN(namelen, sizeof(orig_name)-1));
+   if(!case_sensitive)
+     strupper( orig_name );
+ 
+--- smbd/trans2.c.orig	Mon Mar 17 13:17:56 2003
++++ smbd/trans2.c	Tue Apr  8 13:17:45 2003
+@@ -217,7 +217,6 @@
+ 	int16 open_ofun;
+ 	int32 open_size;
+ 	char *pname;
+-	int16 namelen;
+ 
+ 	pstring fname;
+ 	mode_t unixmode;
+@@ -247,9 +246,8 @@
+ 	open_ofun = SVAL(params,12);
+ 	open_size = IVAL(params,14);
+ 	pname = &params[28];
+-	namelen = strlen(pname)+1;
+ 
+-	StrnCpy(fname,pname,namelen);
++	pstrcpy(fname,pname);
+ 	if (strchr(fname,'?'))
+ 		return(ERROR_DOS(ERRDOS,ERRinvalidname));
+