[pkgsrc/trunk]: pkgsrc/chat/xchat Fix buffer overflow in Socks 5 code, bump p...

[tron <tron%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/e22b92aa99ea
branches:  trunk
changeset: 472971:e22b92aa99ea
user:      tron <tron%pkgsrc.org@localhost>
date:      Wed Apr 14 21:27:25 2004 +0000

description:
Fix buffer overflow in Socks 5 code, bump package revision.

diffstat:

 chat/xchat/Makefile.common  |   4 ++--
 chat/xchat/distinfo         |   3 ++-
 chat/xchat/patches/patch-aa |  22 ++++++++++++++++++++++
 3 files changed, 26 insertions(+), 3 deletions(-)

diffs (51 lines):

diff -r f4cd93767449 -r e22b92aa99ea chat/xchat/Makefile.common
--- a/chat/xchat/Makefile.common        Wed Apr 14 21:16:42 2004 +0000
+++ b/chat/xchat/Makefile.common        Wed Apr 14 21:27:25 2004 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile.common,v 1.26 2004/04/14 16:15:21 jmmv Exp $
+# $NetBSD: Makefile.common,v 1.27 2004/04/14 21:27:25 tron Exp $
 
 DISTNAME=      xchat-1.8.11
-PKGREVISION=   6
+PKGREVISION=   7
 CATEGORIES=    chat x11
 MASTER_SITES=  ${HOMEPAGE}files/source/1.8/
 EXTRACT_SUFX=  .tar.bz2
diff -r f4cd93767449 -r e22b92aa99ea chat/xchat/distinfo
--- a/chat/xchat/distinfo       Wed Apr 14 21:16:42 2004 +0000
+++ b/chat/xchat/distinfo       Wed Apr 14 21:27:25 2004 +0000
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.20 2003/01/12 21:49:07 tron Exp $
+$NetBSD: distinfo,v 1.21 2004/04/14 21:27:25 tron Exp $
 
 SHA1 (xchat-1.8.11.tar.bz2) = 331afd74bc20797c0dec1a7e32fe014efe6cdc0a
 Size (xchat-1.8.11.tar.bz2) = 850453 bytes
+SHA1 (patch-aa) = 1e9c5159fb241f79df26f8a4ce5f897faaa9052f
 SHA1 (patch-ad) = 7dec0bd4107febc923031b80b75a1a8a36b0255b
 SHA1 (patch-ae) = baee878728bb33317258e43919ccabfcf3fd2f4a
diff -r f4cd93767449 -r e22b92aa99ea chat/xchat/patches/patch-aa
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/chat/xchat/patches/patch-aa       Wed Apr 14 21:27:25 2004 +0000
@@ -0,0 +1,22 @@
+$NetBSD: patch-aa,v 1.8 2004/04/14 21:27:25 tron Exp $
+
+--- src/common/server.c.orig   Tue Dec  3 08:06:31 2002
++++ src/common/server.c        Wed Apr 14 23:18:45 2004
+@@ -837,7 +837,7 @@
+       struct sock5_connect1 sc1;
+       unsigned char *sc2;
+       unsigned int packetlen, addrlen;
+-      unsigned char buf[10];
++      unsigned char buf[260];
+ 
+       sc1.version = 5;
+       sc1.nmethods = 1;
+@@ -878,7 +878,7 @@
+       {
+               if (recv (sok, buf, 1, 0) != 1)
+                       return 1;
+-              packetlen = buf[0] + 2;
++              packetlen = buf[0] + 2; /* can't exceed 260 */
+               if (recv (sok, buf, packetlen, 0) != packetlen)
+                       return 1;
+       }