pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/converters/xlreader Add an (unreviewed) patch to fix t...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/97bea9cbf698
branches:  trunk
changeset: 493602:97bea9cbf698
user:      cjs <cjs%pkgsrc.org@localhost>
date:      Tue May 10 05:53:48 2005 +0000

description:
Add an (unreviewed) patch to fix the security vulnerability.

diffstat:

 converters/xlreader/Makefile         |   3 +-
 converters/xlreader/distinfo         |   3 +-
 converters/xlreader/patches/patch-ab |  44 ++++++++++++++++++++++++++++++++++++
 3 files changed, 48 insertions(+), 2 deletions(-)

diffs (72 lines):

diff -r d4f61af32976 -r 97bea9cbf698 converters/xlreader/Makefile
--- a/converters/xlreader/Makefile      Tue May 10 05:39:14 2005 +0000
+++ b/converters/xlreader/Makefile      Tue May 10 05:53:48 2005 +0000
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.3 2003/07/17 21:27:47 grant Exp $
+# $NetBSD: Makefile,v 1.4 2005/05/10 05:53:48 cjs Exp $
 #
 
 DISTNAME=      xlreader-0.9.0
+PKGREVISION=   1
 CATEGORIES=    converters
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=xlreader/}
 EXTRACT_SUFX=  .tgz
diff -r d4f61af32976 -r 97bea9cbf698 converters/xlreader/distinfo
--- a/converters/xlreader/distinfo      Tue May 10 05:39:14 2005 +0000
+++ b/converters/xlreader/distinfo      Tue May 10 05:53:48 2005 +0000
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.1.1.1 2003/04/14 17:33:16 zuntum Exp $
+$NetBSD: distinfo,v 1.2 2005/05/10 05:53:48 cjs Exp $
 
 SHA1 (xlreader-0.9.0.tgz) = 233c8663e345f9f09c326e8e303acf463e6017e3
 Size (xlreader-0.9.0.tgz) = 45838 bytes
 SHA1 (patch-aa) = 3acdc2956379bbd2c8f0871c1875ba9c1f6600f8
+SHA1 (patch-ab) = 138ec332e1691129b3336243fc7a6b88d650396a
diff -r d4f61af32976 -r 97bea9cbf698 converters/xlreader/patches/patch-ab
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/converters/xlreader/patches/patch-ab      Tue May 10 05:53:48 2005 +0000
@@ -0,0 +1,44 @@
+$NetBSD: patch-ab,v 1.1 2005/05/10 05:53:48 cjs Exp $
+
+--- format.c.orig      2005-05-10 13:51:38.000000000 +0900
++++ format.c   2005-05-10 14:46:25.000000000 +0900
+@@ -138,27 +138,33 @@
+       char *str;
+       char *quotedstr;
+       char *delim;
+-      char insert_start[1024 * 4];
++#define INSERT_START_SIZE (1024 * 4)
++#define INSERT_START_REMAINING (INSERT_START_SIZE - (strlen(insert_start) + 2))
++      char insert_start[INSERT_START_SIZE];
+ 
+       cell_setdateformat(dateformat);
+       for (i = 0; i < bk->sheetcount; i++) {
+               delim = "";
+               s = bk->sheet[i];
+               if (s->name != NULL) {
+-                      sprintf(insert_start,"INSERT INTO %s (",s->name);
++                      snprintf(insert_start,INSERT_START_SIZE,"INSERT INTO %s (",s->name);
+               } else {
+-                      sprintf(insert_start,"INSERT INTO ?TABLE? (");
++                      snprintf(insert_start,INSERT_START_SIZE,"INSERT INTO ?TABLE? (");
+               }
+               for (y = 0; y < s->cols; y++) {
+                       str = cell_data_string(bk,s,0,y);
+                       if (str != NULL) {
+-                              strcat(insert_start,delim);
+-                              strcat(insert_start,str);
++                              strncat(insert_start,delim,INSERT_START_REMAINING);
++                              strncat(insert_start,str,INSERT_START_REMAINING);
+                       } else {
+-                              strcat(insert_start,delim);
++                              strncat(insert_start,delim,INSERT_START_REMAINING);
+                       }
+                       delim = ",";
+               }
++              if (strlen(insert_start) >= (INSERT_START_SIZE - 1)) {
++                      fprintf(stderr, "insert_start buffer overflow\n");
++                      exit(1);
++              }
+               for (x = 1; x < s->rows; x++) {
+                       delim = "";
+                       printf("%s) values (",insert_start);
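Review bot: The bound in `INSERT_START_REMAINING` can wrap around: if the first `snprintf` truncates (a sheet name of roughly 4 KB), `strlen(insert_start)` is `INSERT_START_SIZE - 1`, so `INSERT_START_SIZE - (strlen(insert_start) + 2)` underflows in unsigned `size_t` arithmetic and the `strncat` calls that follow are effectively unbounded. The `strlen(insert_start) >= (INSERT_START_SIZE - 1)` check runs only after the column loop, that is, after the write it is meant to prevent. It also cannot detect a `strncat` that silently truncated at `INSERT_START_SIZE - 2`, so a cut-off column list would still be printed. I would test the `snprintf` result before the loop, e.g. `n = snprintf(insert_start, INSERT_START_SIZE, "INSERT INTO %s (", s->name); if (n < 0 || n >= INSERT_START_SIZE) { fprintf(stderr, "sheet name too long\n"); exit(1); }`, and track the used length in a variable rather than recomputing `strlen` inside a macro. The enclosing function in format.c starts and ends outside this hunk.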


