pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/x11/openmotif Fix a number of buffer overflows in Open...
details: https://anonhg.NetBSD.org/pkgsrc/rev/fc8df1f6a64a
branches: trunk
changeset: 505788:fc8df1f6a64a
user: joerg <joerg%pkgsrc.org@localhost>
date: Sat Jan 07 21:08:12 2006 +0000
description:
Fix a number of buffer overflows in OpenMotif's UIL implementation.
For non-propolice systems this might be exploitable when the
user-provided data (e.g. certain filenames) or the locale files are
manipulated.
Mostly-found-by: xfocus, see [xfocus-SD-051202] on VulnWatch. Some
additional cases are handled which have the same impact.
Bump revision.
diffstat:
x11/openmotif/Makefile | 3 +-
x11/openmotif/distinfo | 4 +-
x11/openmotif/patches/patch-bj | 70 ++++++++++++++++++++++++++++++++++++++++++
x11/openmotif/patches/patch-bk | 16 +++++++++
4 files changed, 91 insertions(+), 2 deletions(-)
diffs (123 lines):
diff -r 78bcc7770637 -r fc8df1f6a64a x11/openmotif/Makefile
--- a/x11/openmotif/Makefile Sat Jan 07 20:26:13 2006 +0000
+++ b/x11/openmotif/Makefile Sat Jan 07 21:08:12 2006 +0000
@@ -1,8 +1,9 @@
-# $NetBSD: Makefile,v 1.39 2005/12/12 19:55:41 joerg Exp $
+# $NetBSD: Makefile,v 1.40 2006/01/07 21:08:12 joerg Exp $
PKGVER= 2.2.3
DISTNAME= openMotif-${PKGVER}
PKGNAME= openmotif-${PKGVER}
+PKGREVISION= 1
CATEGORIES= x11
MASTER_SITES= http://ftp.motifzone.com/src/
diff -r 78bcc7770637 -r fc8df1f6a64a x11/openmotif/distinfo
--- a/x11/openmotif/distinfo Sat Jan 07 20:26:13 2006 +0000
+++ b/x11/openmotif/distinfo Sat Jan 07 21:08:12 2006 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.21 2006/01/04 15:53:15 joerg Exp $
+$NetBSD: distinfo,v 1.22 2006/01/07 21:08:12 joerg Exp $
SHA1 (openMotif-2.2.3.tar.gz) = c463653d9f8e24b35522c3ba6363ddf7a282eab4
RMD160 (openMotif-2.2.3.tar.gz) = b99230d508da57bca72b6920d28fce4187bf5179
@@ -23,3 +23,5 @@
SHA1 (patch-bg) = 582f455b066bd4f12160d719c885e9d8423632e5
SHA1 (patch-bh) = 09401eb3e5e6e7e911a9268f2ba0cd6ddaeed3b4
SHA1 (patch-bi) = 4dced20ce293f8635f121f77e9112e93766b9723
+SHA1 (patch-bj) = ac2b1d9fc09ff1bc712e776a3e2e469c1993c385
+SHA1 (patch-bk) = 3d8c264c8060616878dec5a7a21a479aa801e95d
diff -r 78bcc7770637 -r fc8df1f6a64a x11/openmotif/patches/patch-bj
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/openmotif/patches/patch-bj Sat Jan 07 21:08:12 2006 +0000
@@ -0,0 +1,70 @@
+$NetBSD: patch-bj,v 1.3 2006/01/07 21:08:12 joerg Exp $
+
+--- clients/uil/UilDiags.c.orig 2006-01-06 20:46:16.000000000 +0100
++++ clients/uil/UilDiags.c
+@@ -293,12 +293,12 @@ void diag_issue_diagnostic
+ va_start(ap, l_start_column);
+
+ #ifndef NO_MESSAGE_CATALOG
+- vsprintf( msg_buffer,
++ vsnprintf( msg_buffer, sizeof(msg_buffer),
+ catgets(uil_catd, UIL_SET1, msg_cat_table[ message_number ],
+ diag_rz_msg_table[ message_number ].ac_text),
+ ap );
+ #else
+- vsprintf( msg_buffer,
++ vsnprintf( msg_buffer, sizeof(msg_buffer),
+ diag_rz_msg_table[ message_number ].ac_text,
+ ap );
+ #endif
+@@ -317,13 +317,13 @@ void diag_issue_diagnostic
+ */
+
+ #ifndef NO_MESSAGE_CATALOG
+- sprintf( loc_buffer,
++ snprintf( loc_buffer, sizeof(loc_buffer),
+ catgets(uil_catd, UIL_SET_MISC,
+ UIL_MISC_0, "\t\t line: %d file: %s"),
+ az_src_rec->w_line_number,
+ src_get_file_name( az_src_rec ) );
+ #else
+- sprintf( loc_buffer,
++ snprintf( loc_buffer, sizeof(loc_buffer),
+ "\t\t line: %d file: %s",
+ az_src_rec->w_line_number,
+ src_get_file_name( az_src_rec ) );
+@@ -371,7 +371,7 @@ void diag_issue_diagnostic
+
+ if (l_start_column != diag_k_no_column)
+ #ifndef NO_MESSAGE_CATALOG
+- sprintf(loc_buffer,
++ snprintf(loc_buffer, sizeof(loc_buffer),
+ catgets(uil_catd, UIL_SET_MISC,
+ UIL_MISC_1,
+ "\t\t line: %d position: %d file: %s"),
+@@ -379,7 +379,7 @@ void diag_issue_diagnostic
+ l_start_column + 1,
+ src_get_file_name( az_src_rec ) );
+ #else
+- sprintf(loc_buffer,
++ snprintf(loc_buffer, sizeof(loc_buffer),
+ "\t\t line: %d position: %d file: %s",
+ az_src_rec->w_line_number,
+ l_start_column + 1,
+@@ -387,13 +387,14 @@ void diag_issue_diagnostic
+ #endif
+ else
+ #ifndef NO_MESSAGE_CATALOG
+- sprintf( loc_buffer, catgets(uil_catd, UIL_SET_MISC,
++ snprintf( loc_buffer, sizeof(loc_buffer),
++ catgets(uil_catd, UIL_SET_MISC,
+ UIL_MISC_0,
+ "\t\t line: %d file: %s"),
+ az_src_rec->w_line_number,
+ src_get_file_name( az_src_rec ) );
+ #else
+- sprintf( loc_buffer,
++ snprintf( loc_buffer, sizeof(loc_buffer),
+ "\t\t line: %d file: %s",
+ az_src_rec->w_line_number,
+ src_get_file_name( az_src_rec ) );
diff -r 78bcc7770637 -r fc8df1f6a64a x11/openmotif/patches/patch-bk
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/openmotif/patches/patch-bk Sat Jan 07 21:08:12 2006 +0000
@@ -0,0 +1,16 @@
+$NetBSD: patch-bk,v 1.1 2006/01/07 21:08:12 joerg Exp $
+
+--- clients/uil/UilSrcSrc.c.orig 2006-01-06 20:50:23.000000000 +0100
++++ clients/uil/UilSrcSrc.c
+@@ -629,8 +629,10 @@ open_source_file( XmConst char
+ char buffer[256];
+
+
+- /* place the file name in the expanded_name buffer */
++ if (strlen(c_file_name) >= sizeof(buffer + 1))
++ return src_k_open_error;
+
++ /* place the file name in the expanded_name buffer */
+ strcpy(buffer, c_file_name);
+
+ /* Determine if this is the main file or an include file. */
Home |
Main Index |
Thread Index |
Old Index