mirror/freebsd-ports
1
0
Fork 0
mirror of https://git.FreeBSD.org/ports.git synced 2025-02-05 11:35:01 +00:00
Code Issues Releases Activity

Fix a security hole using vendor-supplied patch.

Browse Source
This commit is contained in:
Jacques Vidrine 2002-01-02 13:52:03 +00:00
parent 70f1ecbdf0
commit 5b98288f08
Notes: svn2git 2021-03-31 03:12:20 +00:00 
svn path=/head/; revision=52496
4 changed files with 250 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
mail/mutt/Makefile
View File

@ -8,6 +8,7 @@
PORTNAME= mutt
PORTVERSION= 1.2.5
PORTREVISION= 1
CATEGORIES+= mail
MASTER_SITES= ftp://ftp.guug.de/pub/mutt/ \
ftp://ftp.uib.no/pub/mutt/ \

124
mail/mutt/files/patch-rfc822.c Normal file
View File

@ -0,0 +1,124 @@
diff -u -r2.9.2.1 rfc822.c
--- rfc822.c 2000/06/22 10:54:58 2.9.2.1
+++ rfc822.c 2002/01/01 10:24:05
@@ -33,6 +33,12 @@
#include "rfc822.h"
#endif
+#define terminate_string(a, b, c) do { if ((b) < (c)) a[(b)] = 0; else \
+ a[(c)] = 0; } while (0)
+
+#define terminate_buffer(a, b) terminate_string(a, b, sizeof (a) - 1)
+
+
const char RFC822Specials[] = "@.,:;<>[]\\\"()";
#define is_special(x) strchr(RFC822Specials,x)
@@ -227,12 +233,12 @@
return NULL;
}
- token[*tokenlen] = 0;
+ terminate_string (token, *tokenlen, tokenmax);
addr->mailbox = safe_strdup (token);
if (*commentlen && !addr->personal)
{
- comment[*commentlen] = 0;
+ terminate_string (comment, *commentlen, commentmax);
addr->personal = safe_strdup (comment);
}
@@ -320,9 +326,6 @@
*last = cur;
}
-#define terminate_string(a, b) do { if (b < sizeof(a) - 1) a[b] = 0; else \
- a[sizeof(a) - 1] = 0; } while (0)
-
ADDRESS *rfc822_parse_adrlist (ADDRESS *top, const char *s)
{
const char *begin, *ps;
@@ -344,12 +347,12 @@
{
if (phraselen)
{
- terminate_string (phrase, phraselen);
+ terminate_buffer (phrase, phraselen);
add_addrspec (&top, &last, phrase, comment, &commentlen, sizeof (comment) - 1);
}
else if (commentlen && last && !last->personal)
{
- terminate_string (comment, commentlen);
+ terminate_buffer (comment, commentlen);
last->personal = safe_strdup (comment);
}
@@ -377,7 +380,7 @@
else if (*s == ':')
{
cur = rfc822_new_address ();
- terminate_string (phrase, phraselen);
+ terminate_buffer (phrase, phraselen);
cur->mailbox = safe_strdup (phrase);
cur->group = 1;
@@ -401,12 +404,12 @@
{
if (phraselen)
{
- terminate_string (phrase, phraselen);
+ terminate_buffer (phrase, phraselen);
add_addrspec (&top, &last, phrase, comment, &commentlen, sizeof (comment) - 1);
}
else if (commentlen && last && !last->personal)
{
- terminate_string (phrase, phraselen);
+ terminate_buffer (phrase, phraselen);
last->personal = safe_strdup (comment);
}
#ifdef EXACT_ADDRESS
@@ -430,7 +433,7 @@
}
else if (*s == '<')
{
- terminate_string (phrase, phraselen);
+ terminate_buffer (phrase, phraselen);
cur = rfc822_new_address ();
if (phraselen)
{
@@ -459,7 +462,7 @@
}
else
{
- if (phraselen && phraselen < sizeof (phrase) - 1)
+ if (phraselen && phraselen < sizeof (phrase) - 1 && *s != '.')
phrase[phraselen++] = ' ';
if ((ps = next_token (s, phrase, &phraselen, sizeof (phrase) - 1)) == NULL)
{
@@ -473,13 +476,13 @@
if (phraselen)
{
- terminate_string (phrase, phraselen);
- terminate_string (comment, commentlen);
+ terminate_buffer (phrase, phraselen);
+ terminate_buffer (comment, commentlen);
add_addrspec (&top, &last, phrase, comment, &commentlen, sizeof (comment) - 1);
}
else if (commentlen && last && !last->personal)
{
- terminate_string (comment, commentlen);
+ terminate_buffer (comment, commentlen);
last->personal = safe_strdup (comment);
}
#ifdef EXACT_ADDRESS
@@ -498,7 +501,7 @@
if (!addr->group && addr->mailbox && strchr (addr->mailbox, '@') == NULL)
{
p = safe_malloc (mutt_strlen (addr->mailbox) + mutt_strlen (host) + 2);
- sprintf (p, "%s@%s", addr->mailbox, host);
+ sprintf (p, "%s@%s", addr->mailbox, host); /* __SPRINTF_CHECKED__ */
safe_free ((void **) &addr->mailbox);
addr->mailbox = p;
}

1
mail/mutt14/Makefile
View File

@ -8,6 +8,7 @@
PORTNAME= mutt
PORTVERSION= 1.2.5
PORTREVISION= 1
CATEGORIES+= mail
MASTER_SITES= ftp://ftp.guug.de/pub/mutt/ \
ftp://ftp.uib.no/pub/mutt/ \

124
mail/mutt14/files/patch-rfc822.c Normal file
View File

@ -0,0 +1,124 @@
diff -u -r2.9.2.1 rfc822.c
--- rfc822.c 2000/06/22 10:54:58 2.9.2.1
+++ rfc822.c 2002/01/01 10:24:05
@@ -33,6 +33,12 @@
#include "rfc822.h"
#endif
+#define terminate_string(a, b, c) do { if ((b) < (c)) a[(b)] = 0; else \
+ a[(c)] = 0; } while (0)
+
+#define terminate_buffer(a, b) terminate_string(a, b, sizeof (a) - 1)
+
+
const char RFC822Specials[] = "@.,:;<>[]\\\"()";
#define is_special(x) strchr(RFC822Specials,x)
@@ -227,12 +233,12 @@
return NULL;
}
- token[*tokenlen] = 0;
+ terminate_string (token, *tokenlen, tokenmax);
addr->mailbox = safe_strdup (token);
if (*commentlen && !addr->personal)
{
- comment[*commentlen] = 0;
+ terminate_string (comment, *commentlen, commentmax);
addr->personal = safe_strdup (comment);
}
@@ -320,9 +326,6 @@
*last = cur;
}
-#define terminate_string(a, b) do { if (b < sizeof(a) - 1) a[b] = 0; else \
- a[sizeof(a) - 1] = 0; } while (0)
-
ADDRESS *rfc822_parse_adrlist (ADDRESS *top, const char *s)
{
const char *begin, *ps;
@@ -344,12 +347,12 @@
{
if (phraselen)
{
- terminate_string (phrase, phraselen);
+ terminate_buffer (phrase, phraselen);
add_addrspec (&top, &last, phrase, comment, &commentlen, sizeof (comment) - 1);
}
else if (commentlen && last && !last->personal)
{
- terminate_string (comment, commentlen);
+ terminate_buffer (comment, commentlen);
last->personal = safe_strdup (comment);
}
@@ -377,7 +380,7 @@
else if (*s == ':')
{
cur = rfc822_new_address ();
- terminate_string (phrase, phraselen);
+ terminate_buffer (phrase, phraselen);
cur->mailbox = safe_strdup (phrase);
cur->group = 1;
@@ -401,12 +404,12 @@
{
if (phraselen)
{
- terminate_string (phrase, phraselen);
+ terminate_buffer (phrase, phraselen);
add_addrspec (&top, &last, phrase, comment, &commentlen, sizeof (comment) - 1);
}
else if (commentlen && last && !last->personal)
{
- terminate_string (phrase, phraselen);
+ terminate_buffer (phrase, phraselen);
last->personal = safe_strdup (comment);
}
#ifdef EXACT_ADDRESS
@@ -430,7 +433,7 @@
}
else if (*s == '<')
{
- terminate_string (phrase, phraselen);
+ terminate_buffer (phrase, phraselen);
cur = rfc822_new_address ();
if (phraselen)
{
@@ -459,7 +462,7 @@
}
else
{
- if (phraselen && phraselen < sizeof (phrase) - 1)
+ if (phraselen && phraselen < sizeof (phrase) - 1 && *s != '.')
phrase[phraselen++] = ' ';
if ((ps = next_token (s, phrase, &phraselen, sizeof (phrase) - 1)) == NULL)
{
@@ -473,13 +476,13 @@
if (phraselen)
{
- terminate_string (phrase, phraselen);
- terminate_string (comment, commentlen);
+ terminate_buffer (phrase, phraselen);
+ terminate_buffer (comment, commentlen);
add_addrspec (&top, &last, phrase, comment, &commentlen, sizeof (comment) - 1);
}
else if (commentlen && last && !last->personal)
{
- terminate_string (comment, commentlen);
+ terminate_buffer (comment, commentlen);
last->personal = safe_strdup (comment);
}
#ifdef EXACT_ADDRESS
@@ -498,7 +501,7 @@
if (!addr->group && addr->mailbox && strchr (addr->mailbox, '@') == NULL)
{
p = safe_malloc (mutt_strlen (addr->mailbox) + mutt_strlen (host) + 2);
- sprintf (p, "%s@%s", addr->mailbox, host);
+ sprintf (p, "%s@%s", addr->mailbox, host); /* __SPRINTF_CHECKED__ */
safe_free ((void **) &addr->mailbox);
addr->mailbox = p;
}