Patch from vendor. From the ChangeLog:

2001-11-27 Flavio Veloso <flaviovs@magnux.com> * gnuserv.c: Fix a potential buffer overflow in permitted() that may allow the client to execute code on the server.
svn path=/head/; revision=50722
2025-01-23 09:10:43 +00:00 · 2001-11-29 15:06:19 +00:00 · 2001-11-29 15:06:19 +00:00 · 9f6e68c273 · 2021-03-31 03:12:20 +00:00
commit 9f6e68c273
parent 84433f4268
4 changed files with 32 additions and 0 deletions
--- a/devel/libgtop/Makefile
+++ b/devel/libgtop/Makefile
@ -7,6 +7,7 @@

 PORTNAME=	libgtop
 PORTVERSION=	1.0.12
+PORTREVISION=	1
 CATEGORIES=	devel gnome
 MASTER_SITES=	${MASTER_SITE_GNOME}
 MASTER_SITE_SUBDIR=	stable/sources/libgtop
--- a/devel/libgtop/files/patch-src::daemon::gnuserv.c
+++ b/devel/libgtop/files/patch-src::daemon::gnuserv.c
@ -0,0 +1,15 @@
+--- src/daemon/gnuserv.c.orig	Thu Nov 29 08:58:40 2001
+++ src/daemon/gnuserv.c	Thu Nov 29 08:58:17 2001
+@@ -200,6 +200,12 @@
+ 
+ 	auth_data_len = atoi (buf);
+ 
+	if (auth_data_len < 1 || auth_data_len > sizeof(buf)) {
+	    syslog_message(LOG_WARNING,
+			   "Invalid data length supplied by client");
+	    return FALSE;
+	}
+
+ 	if (timed_read (fd, buf, auth_data_len, AUTH_TIMEOUT, 0) != auth_data_len)
+ 	    return FALSE;
+ 
--- a/devel/libgtop2/Makefile
+++ b/devel/libgtop2/Makefile
@ -7,6 +7,7 @@

 PORTNAME=	libgtop
 PORTVERSION=	1.0.12
+PORTREVISION=	1
 CATEGORIES=	devel gnome
 MASTER_SITES=	${MASTER_SITE_GNOME}
 MASTER_SITE_SUBDIR=	stable/sources/libgtop
--- a/devel/libgtop2/files/patch-src::daemon::gnuserv.c
+++ b/devel/libgtop2/files/patch-src::daemon::gnuserv.c
@ -0,0 +1,15 @@
+--- src/daemon/gnuserv.c.orig	Thu Nov 29 08:58:40 2001
+++ src/daemon/gnuserv.c	Thu Nov 29 08:58:17 2001
+@@ -200,6 +200,12 @@
+ 
+ 	auth_data_len = atoi (buf);
+ 
+	if (auth_data_len < 1 || auth_data_len > sizeof(buf)) {
+	    syslog_message(LOG_WARNING,
+			   "Invalid data length supplied by client");
+	    return FALSE;
+	}
+
+ 	if (timed_read (fd, buf, auth_data_len, AUTH_TIMEOUT, 0) != auth_data_len)
+ 	    return FALSE;
+