korean/hcode: Fix buffer overflow in mail.c

Reported by: Wolfgang Frisch <wfrisch@suse.de> MFH: 2024Q2 Security: CVE-2024-34020
2025-02-05 11:35:01 +00:00 · 2024-05-01 21:52:46 +02:00 · 2024-05-01 21:52:46 +02:00 · 483d9e29e0
commit 483d9e29e0
parent 0bdbff31c5
2 changed files with 23 additions and 13 deletions
--- a/korean/hcode/Makefile
+++ b/korean/hcode/Makefile
@ -1,6 +1,6 @@
 PORTNAME=	hcode
 PORTVERSION=	2.1.3
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	korean
 MASTER_SITES=	http://ftp.kaist.ac.kr/hangul/incoming/ \
 		ftp://ftp.kaist.ac.kr/hangul/incoming/ \
--- a/korean/hcode/files/patch-mail.c
+++ b/korean/hcode/files/patch-mail.c
@ -1,15 +1,16 @@
--- mail.c.orig	1998-03-11 05:02:22.000000000 -0500
-+++ mail.c	2013-06-12 20:06:21.000000000 -0400
-@@ -1,4 +1,8 @@
+--- mail.c.orig	1998-03-11 10:02:22 UTC
+++ mail.c
+@@ -1,5 +1,9 @@
 +#include <ctype.h>
 #include <stdio.h>
 +#include <string.h>
-+
-+static int	ks2iso(unsigned char *, FILE *);
 
+static int	ks2iso(unsigned char *, FILE *);
+
 /* ------------------------------------------------------
     Search for Starting Mark and print out (ENGLISH) prologue
-@@ -66,9 +70,8 @@
+     mark : Starting Code
+@@ -66,9 +70,8 @@ FILE *fpin, *fpout;
 #define SI '\017'
 #define SO '\016'
 
@ -21,7 +22,7 @@
 {
     int mode=ASCII;
     int i=0;
-@@ -172,8 +175,8 @@
+@@ -172,8 +175,8 @@ void (*prwc)();
         if (fgets((char *) ibuf,HDR_BUF_LEN,fpin) == NULL)  /* no message body  */ 
            return(1);                       /* header only (6/8/96)  */
 
@ -32,7 +33,7 @@
              header_switch(iptr,fpout);
              continue;
         }
-@@ -186,7 +189,7 @@
+@@ -186,7 +189,7 @@ void (*prwc)();
             while ( charset[++i]  != NULL ) {
 
                 sprintf(encode_prefix,"=?%s?B?",charset[i]);
@ -41,7 +42,7 @@
                 strlen(encode_prefix)) ) {
                     isbqheader=
                     bqheader_decode(&iptr,encode_prefix,Bencode, 
-@@ -195,7 +198,7 @@
+@@ -195,7 +198,7 @@ void (*prwc)();
                 }
 
                 sprintf(encode_prefix,"=?%s?Q?",charset[i]);
@ -50,7 +51,16 @@
                 strlen(encode_prefix)) ) {
                     isbqheader=
                     bqheader_decode(&iptr,encode_prefix,Qencode, 
-@@ -250,15 +253,15 @@
+@@ -238,7 +241,7 @@ int outCode;
+     unsigned char ibuf[HDR_BUF_LEN],obuf[HDR_BUF_LEN],tbuf[HDR_BUF_LEN];
+     unsigned char *iptr, *tptr;
+ 
+-    if ( cp >= HDR_BUF_LEN ) {
+    if ( cp >= (HDR_BUF_LEN-8) ) {
+         pr2m(Printwc,fpout,outCode);
+         return;
+     }
+@@ -250,15 +253,15 @@ int outCode;
             return;
         }
         ibuf[cp++] = '\n';
@ -69,7 +79,7 @@
                 string_to_base64(obuf, tbuf);
                 fprintf(fpout,"=?EUC-KR?B?%s?=",obuf);
             }
-@@ -342,12 +345,12 @@
+@@ -342,12 +345,12 @@ void (*prwc)();
    only checks if there's any whitespace or '?'.
 */
    
@ -85,7 +95,7 @@
         iptr+=2;
         if (  encoding == Bencode) 
             base64_to_string(obuf, tbuf);
-@@ -495,7 +498,7 @@
+@@ -495,7 +498,7 @@ void header_switch(iptr,fpout)
 /* void header_switch(iptr0,fpout,name_len) */
 void header_switch(iptr,fpout)
 /* unsigned char **iptr0; */