Security: fix a buffer overflow in word-list-compress:

- <http://marc.theaimsgroup.com/?l=bugtraq&m=108761564006503&w=2> - <http://nettwerked.mg2.org/advisories/wlc> Since I'm there, switch from libtool 1.3 to 1.5, to cope with PR ports/63944. Obtained from: Robert Nagy <robert@openbsd.org>.
svn path=/head/; revision=111849
2025-01-15 07:56:36 +00:00 · 2004-06-20 09:04:32 +00:00 · 2004-06-20 09:04:32 +00:00 · 6fcb668607 · 2021-03-31 03:12:20 +00:00
commit 6fcb668607
parent a27ee4c587
4 changed files with 75 additions and 2 deletions
--- a/ports-mgmt/portaudit-db/database/portaudit.txt
+++ b/ports-mgmt/portaudit-db/database/portaudit.txt
@ -20,3 +20,4 @@ webmin<1.150|http://www.webmin.com/changes-1.150.html http://www.osvdb.org/6729
 racoon<20040617a|http://lists.netsys.com/pipermail/full-disclosure/2004-June/022617.html http://www.securityfocus.com/archive/1/366023 http://securitytracker.com/alerts/2004/Jun/1010495.html http://orange.kame.net/dev/cvsweb.cgi/kame/kame/kame/racoon/crypto_openssl.c#rev1.86|Racoon may validate invalid certificates|a96c1d37-c033-11d8-b00e-000347a4fa7d
 ircd-hybrid<=7.0_1|http://lists.netsys.com/pipermail/full-disclosure/2004-June/022820.html http://www.securityfocus.com/archive/1/366486|ircd-hybrid-7 low-bandwidth DoS|23aafa20-c28a-11d8-864c-02e0185c0b53
 ircd-hybrid-ru<=7.1_2|http://lists.netsys.com/pipermail/full-disclosure/2004-June/022820.html http://www.securityfocus.com/archive/1/366486|ircd-hybrid-7 low-bandwidth DoS|23aafa20-c28a-11d8-864c-02e0185c0b53
+*aspell<=0.50.5_2|http://nettwerked.mg2.org/advisories/wlc http://marc.theaimsgroup.com/?l=bugtraq&m=108761564006503&w=2|Buffer overflow in word-list-compress|b7b03bab-c296-11d8-bfb2-000bdb1444a4
--- a/security/portaudit-db/database/portaudit.txt
+++ b/security/portaudit-db/database/portaudit.txt
@ -20,3 +20,4 @@ webmin<1.150|http://www.webmin.com/changes-1.150.html http://www.osvdb.org/6729
 racoon<20040617a|http://lists.netsys.com/pipermail/full-disclosure/2004-June/022617.html http://www.securityfocus.com/archive/1/366023 http://securitytracker.com/alerts/2004/Jun/1010495.html http://orange.kame.net/dev/cvsweb.cgi/kame/kame/kame/racoon/crypto_openssl.c#rev1.86|Racoon may validate invalid certificates|a96c1d37-c033-11d8-b00e-000347a4fa7d
 ircd-hybrid<=7.0_1|http://lists.netsys.com/pipermail/full-disclosure/2004-June/022820.html http://www.securityfocus.com/archive/1/366486|ircd-hybrid-7 low-bandwidth DoS|23aafa20-c28a-11d8-864c-02e0185c0b53
 ircd-hybrid-ru<=7.1_2|http://lists.netsys.com/pipermail/full-disclosure/2004-June/022820.html http://www.securityfocus.com/archive/1/366486|ircd-hybrid-7 low-bandwidth DoS|23aafa20-c28a-11d8-864c-02e0185c0b53
+*aspell<=0.50.5_2|http://nettwerked.mg2.org/advisories/wlc http://marc.theaimsgroup.com/?l=bugtraq&m=108761564006503&w=2|Buffer overflow in word-list-compress|b7b03bab-c296-11d8-bfb2-000bdb1444a4
--- a/textproc/aspell/Makefile
+++ b/textproc/aspell/Makefile
@ -7,7 +7,7 @@

 PORTNAME?=	aspell
 PORTVERSION=	0.50.5
-PORTREVISION=	2
+PORTREVISION=	3
 CATEGORIES+=	textproc
 MASTER_SITES=	http://aspell.net/	\
 		${MASTER_SITE_GNU}
@ -22,7 +22,7 @@ COMMENT?=	Spelling checker with better suggestion logic than ispell
 BUILD_DEPENDS+=	bzip2:${PORTSDIR}/archivers/bzip2
 .endif

-USE_LIBTOOL_VER=13
+USE_LIBTOOL_VER=	15
 CONFIGURE_TARGET=	--build=${ARCH}-portbld-freebsd${OSREL}
 CONFIGURE_ARGS=	--enable-dict-dir=${DATADIR} \
 		--enable-doc-dir=${DOCSDIR}
--- a/textproc/aspell/files/patch-prog-compress.c
+++ b/textproc/aspell/files/patch-prog-compress.c
@ -0,0 +1,71 @@
+--- prog/compress.c.orig	Sat Aug 31 20:51:11 2002
+++ prog/compress.c	Sat Jun 19 16:10:04 2004
+@@ -28,6 +28,11 @@
+ 
+ #endif
+ 
+#define WORD_BUFF_SIZE 256
+
+int count = 0;
+
+
+ void usage () 
+ {
+   fputs("Compresses or uncompresses sorted word lists.\n"     , stderr);
+@@ -45,8 +50,9 @@
+   if (c == EOF) return 0;
+   do {
+     *w++ = (char)(c);
+-  } while (c = getc(in), c != EOF && c > 32);
+  } while (c = getc(in), c != EOF && c > 32 && count < (WORD_BUFF_SIZE - 1));
+   *w = '\0';
+  count++;
+   ungetc(c, in);
+   if (c == EOF) return 0;
+   else return 1;
+@@ -61,8 +67,8 @@
+     
+   } else if (argv[1][0] == 'c') {
+ 
+-    char s1[256];
+-    char s2[256];
+    char s1[WORD_BUFF_SIZE];
+    char s2[WORD_BUFF_SIZE];
+     char * prev = s2;
+     char * cur = s1;
+     *prev = '\0';
+@@ -69,6 +75,7 @@
+ 
+     SETBIN (stdout);
+ 
+	while (count < WORD_BUFF_SIZE) {
+     while (get_word(stdin, cur)) {
+       int i = 0;
+       /* get the length of the prefix */
+@@ -85,11 +92,12 @@
+ 	prev = s2; cur = s1;
+       }
+     }
+	}
+     return 0;
+ 
+   } else if (argv[1][0] == 'd') {
+     
+-    char cur[256];
+    char cur[WORD_BUFF_SIZE];
+     int i;
+     int c;
+ 
+@@ -100,8 +108,11 @@
+       if (i == 0)
+ 	i = getc(stdin);
+       --i;  
+-      while ((c = getc(stdin)) > 32)
+      while ((c = getc(stdin)) > 32 && i < (WORD_BUFF_SIZE -1)) {
+ 	cur[i++] = (char)c;
+	count++;
+	}
+
+       cur[i] = '\0';
+       fputs(cur, stdout);
+       putc('\n', stdout);