Add a fix for a possible buffer overflow in _XlcLocaleDirName(). Privileged

binaries are not vulnerable.

Approved by:	portmgr (kris)
Obtained from:	XFree86 CVS xf-4_3-branch

x11/XFree86-4-libraries/Makefile

@@ -7,6 +7,7 @@
 
 PORTNAME=	libraries
 PORTVERSION=	4.3.0
+PORTREVISION=	1
 CATEGORIES=	x11
 MASTER_SITES=	${MASTER_SITE_XFREE:S/$/:x/} \
 		${MASTER_SITE_LOCAL:S/$/:local/}

x11/XFree86-4-libraries/files/patch-Xlc-fix

@@ -0,0 +1,108 @@
+Index: lib/X11/XlcDL.c
+===================================================================
+RCS file: /home/ncvs/xfree/xc/lib/X11/XlcDL.c,v
+retrieving revision 1.9
+retrieving revision 1.9.2.1
+diff -u -u -r1.9 -r1.9.2.1
+--- lib/X11/XlcDL.c	25 Nov 2002 14:04:53 -0000	1.9
++++ lib/X11/XlcDL.c	11 Mar 2003 23:18:49 -0000	1.9.2.1
+@@ -406,7 +406,7 @@
+ 
+     if (lc_name == NULL) return (XLCd)NULL;
+ 
+-    if (_XlcLocaleDirName(lc_dir, (char *)lc_name) == (char*)NULL)
++    if (_XlcLocaleDirName(lc_dir, BUFSIZE, (char *)lc_name) == (char*)NULL)
+ 	return (XLCd)NULL;
+ 
+     resolve_object(lc_dir, lc_name);
+@@ -452,7 +452,7 @@
+ 
+   lc_name = lcd->core->name;
+ 
+-  if (_XlcLocaleDirName(lc_dir, lc_name) == NULL) return (XIM)0;
++  if (_XlcLocaleDirName(lc_dir, BUFSIZE, lc_name) == NULL) return (XIM)0;
+ 
+   count = lc_count;
+   for (; count-- > 0; objects_list++) {
+@@ -498,7 +498,7 @@
+ 
+   lc_name = lcd->core->name;
+ 
+-  if (_XlcLocaleDirName(lc_dir, lc_name) == NULL) return False;
++  if (_XlcLocaleDirName(lc_dir, BUFSIZE, lc_name) == NULL) return False;
+ 
+   count = lc_count;
+   for (; count-- > 0; objects_list++) {
+@@ -543,7 +543,7 @@
+ #endif
+ 
+   lc_name = lcd->core->name;
+-  if (_XlcLocaleDirName(lc_dir, lc_name) == NULL) return False;
++  if (_XlcLocaleDirName(lc_dir, BUFSIZE, lc_name) == NULL) return False;
+ 
+   count = lc_count;
+   for (; count-- > 0; objects_list++) {
+@@ -610,7 +610,7 @@
+ 
+   lc_name = lcd->core->name;
+ 
+-  if (_XlcLocaleDirName(lc_dir, lc_name) == NULL) return (XOM)0;
++  if (_XlcLocaleDirName(lc_dir, BUFSIZE, lc_name) == NULL) return (XOM)0;
+ 
+   count = lc_count;
+   for (; count-- > 0; objects_list++) {
+Index: lib/X11/XlcPubI.h
+===================================================================
+RCS file: /home/ncvs/xfree/xc/lib/X11/XlcPubI.h,v
+retrieving revision 3.9
+retrieving revision 3.9.6.1
+diff -u -u -r3.9 -r3.9.6.1
+--- lib/X11/XlcPubI.h	16 Nov 2001 00:52:27 -0000	3.9
++++ lib/X11/XlcPubI.h	11 Mar 2003 23:18:49 -0000	3.9.6.1
+@@ -217,6 +217,7 @@
+ extern char *_XlcLocaleDirName(
+ #if NeedFunctionPrototypes
+      char*             /* dir_name */,
++     size_t,	       /* dir_len */
+      char*             /* lc_name */
+ #endif
+ );
+Index: lib/X11/lcFile.c
+===================================================================
+RCS file: /home/ncvs/xfree/xc/lib/X11/lcFile.c,v
+retrieving revision 3.30
+retrieving revision 3.30.2.1
+diff -u -u -r3.30 -r3.30.2.1
+--- lib/X11/lcFile.c	25 Nov 2002 14:04:53 -0000	3.30
++++ lib/X11/lcFile.c	11 Mar 2003 23:18:49 -0000	3.30.2.1
+@@ -429,8 +429,9 @@
+ }
+ 
+ char *
+-_XlcLocaleDirName(dir_name, lc_name)
++_XlcLocaleDirName(dir_name, dir_len, lc_name)
+      char *dir_name;
++     size_t dir_len;
+      char *lc_name;
+ {
+     char dir[PATH_MAX], buf[PATH_MAX], *name = NULL;
+@@ -486,9 +487,16 @@
+  	target_dir = args[0];
+  	target_name = lc_name;
+     }
+-    strcpy(dir_name, target_dir);
+-    strcat(dir_name, "/");
+-    strcat(dir_name, target_name);
++    /* snprintf(dir_name, dir_len, "%s/%", target_dir, target_name); */
++    strncpy(dir_name, target_dir, dir_len - 1);
++    if (strlen(target_dir) >= dir_len - 1) {
++	dir_name[dir_len - 1] = '\0';
++    } else  {
++	strcat(dir_name, "/");
++	strncat(dir_name, target_name, dir_len - strlen(dir_name) - 1);
++	if (strlen(target_name) >= dir_len - strlen(dir_name) - 1) 
++	    dir_name[dir_len - 1] = '\0';
++    }
+     if (target_name != lc_name)
+  	Xfree(target_name);
+     return dir_name;