Fix an exploitable buffer overflow.

PR: ports/95397 Submitted by: Petr Rehor <prehor@gmail.com>
svn path=/head/; revision=158935
2024-11-20 00:21:35 +00:00 · 2006-04-06 07:22:10 +00:00 · 2006-04-06 07:22:10 +00:00 · 4aa2bd955e · 2021-03-31 03:12:20 +00:00
commit 4aa2bd955e
parent 6f9844f3ea
2 changed files with 21 additions and 1 deletions
--- a/archivers/zoo/Makefile
+++ b/archivers/zoo/Makefile
@ -7,7 +7,7 @@

 PORTNAME=	zoo
 PORTVERSION=	2.10.1
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	archivers
 MASTER_SITES=	ftp://ftp.kiarchive.ru/pub/unix/arcers/
 DISTNAME=	zoo-2.10pl1
--- a/archivers/zoo/files/patch-misc.c
+++ b/archivers/zoo/files/patch-misc.c
@ -0,0 +1,20 @@
+--- misc.c.orig	Tue Jul 16 17:52:54 1991
+++ misc.c	Thu Apr  6 08:45:41 2006
+@@ -135,11 +135,16 @@
+ char *fullpath (direntry)
+ struct direntry *direntry;
+ {
+-	static char result[PATHSIZE];
+	static char result[PATHSIZE+PATHSIZE+12]; /* Room for enough space */
+ 	combine (result,
+ 				direntry->dirlen != 0 ? direntry->dirname : "", 
+ 				(direntry->namlen != 0) ? direntry->lfname : direntry->fname
+ 			  );
+
+	if (strlen (result) >= PATHSIZE) {
+		prterror ('f', "Combined dirname and filename too long\n");
+	}
+
+ 	return (result);
+ }
+