pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/pkgsrc-2016Q2]: pkgsrc/devel/cvsps Pullup ticket #5074 - requested by...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/62cf049b9cb2
branches:  pkgsrc-2016Q2
changeset: 408854:62cf049b9cb2
user:      spz <spz%pkgsrc.org@localhost>
date:      Thu Jul 28 12:56:35 2016 +0000

description:
Pullup ticket #5074 - requested by christos
devel/cvsps: security patch

Revisions pulled up:
- devel/cvsps/Makefile                                          1.27
- devel/cvsps/distinfo                                          1.14
- devel/cvsps/patches/patch-ag                                  1.2

-------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   christos
   Date:           Mon Jul 25 05:10:03 UTC 2016

   Modified Files:
           pkgsrc/devel/cvsps: Makefile distinfo
           pkgsrc/devel/cvsps/patches: patch-ag

   Log Message:
   Fix buffer overflow on long lines


   To generate a diff of this commit:
   cvs rdiff -u -r1.26 -r1.27 pkgsrc/devel/cvsps/Makefile
   cvs rdiff -u -r1.13 -r1.14 pkgsrc/devel/cvsps/distinfo
   cvs rdiff -u -r1.1 -r1.2 pkgsrc/devel/cvsps/patches/patch-ag

diffstat:

 devel/cvsps/Makefile         |   4 +-
 devel/cvsps/distinfo         |   4 +-
 devel/cvsps/patches/patch-ag |  92 +++++++++++++++++++++++++++++++++++++++++--
 3 files changed, 91 insertions(+), 9 deletions(-)

diffs (134 lines):

diff -r 4bddd263e089 -r 62cf049b9cb2 devel/cvsps/Makefile
--- a/devel/cvsps/Makefile      Wed Jul 20 18:53:40 2016 +0000
+++ b/devel/cvsps/Makefile      Thu Jul 28 12:56:35 2016 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.26 2014/10/09 14:06:08 wiz Exp $
+# $NetBSD: Makefile,v 1.26.14.1 2016/07/28 12:56:35 spz Exp $
 #
 
 DISTNAME=      cvsps-2.1
-PKGREVISION=   3
+PKGREVISION=   4
 CATEGORIES=    devel scm
 MASTER_SITES=  ${HOMEPAGE}
 
diff -r 4bddd263e089 -r 62cf049b9cb2 devel/cvsps/distinfo
--- a/devel/cvsps/distinfo      Wed Jul 20 18:53:40 2016 +0000
+++ b/devel/cvsps/distinfo      Thu Jul 28 12:56:35 2016 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.13 2015/11/03 03:27:21 agc Exp $
+$NetBSD: distinfo,v 1.13.6.1 2016/07/28 12:56:35 spz Exp $
 
 SHA1 (cvsps-2.1.tar.gz) = a53a62b121e7b86e07a393bcb8aa4f0492a747c4
 RMD160 (cvsps-2.1.tar.gz) = a3063f638fbf1136761549658432d5842e4a766f
@@ -10,4 +10,4 @@
 SHA1 (patch-ad) = 20d84dc236a5c259677fdf68268de5bb64e6d26f
 SHA1 (patch-ae) = 345036b4021f90a2f6629a5d32e85caa786d961f
 SHA1 (patch-af) = d32eb67ede1d81ee3abe55a7f94515fcf3ea93cf
-SHA1 (patch-ag) = 38ea212acde5e07aee33413c79f893e311ebb85e
+SHA1 (patch-ag) = c68adbb42938ecb2f42c55bc9be0aa6db3b013f9
diff -r 4bddd263e089 -r 62cf049b9cb2 devel/cvsps/patches/patch-ag
--- a/devel/cvsps/patches/patch-ag      Wed Jul 20 18:53:40 2016 +0000
+++ b/devel/cvsps/patches/patch-ag      Thu Jul 28 12:56:35 2016 +0000
@@ -1,14 +1,96 @@
-$NetBSD: patch-ag,v 1.1 2012/06/29 14:59:24 christos Exp $
+$NetBSD: patch-ag,v 1.1.34.1 2016/07/28 12:56:35 spz Exp $
+
+Keep reading for M
+Avoid buffer overflow (truncate).
 
---- cvs_direct.c.orig  2012-06-28 17:52:13.000000000 -0400
-+++ cvs_direct.c       2012-06-28 17:52:51.000000000 -0400
-@@ -916,7 +916,9 @@
+--- cvs_direct.c.orig  2005-05-25 23:39:40.000000000 -0400
++++ cvs_direct.c       2016-07-25 01:06:39.000000000 -0400
+@@ -45,7 +45,7 @@
+ static void send_string(CvsServerCtx *, const char *, ...);
+ static int read_response(CvsServerCtx *, const char *);
+ static void ctx_to_fp(CvsServerCtx * ctx, FILE * fp);
+-static int read_line(CvsServerCtx * ctx, char * p);
++static int read_line(CvsServerCtx * ctx, char * p, size_t);
+ 
+ static CvsServerCtx * open_ctx_pserver(CvsServerCtx *, const char *);
+ static CvsServerCtx * open_ctx_forked(CvsServerCtx *, const char *);
+@@ -131,7 +131,7 @@
+       send_string(ctx, "valid-requests\n");
+ 
+       /* check for the commands we will issue */
+-      read_line(ctx, buff);
++      read_line(ctx, buff, sizeof(buff));
+       if (strncmp(buff, "Valid-requests", 14) != 0)
+       {
+           debug(DEBUG_APPERROR, "cvs_direct: bad response to valid-requests command");
+@@ -150,7 +150,7 @@
+           return NULL;
+       }
+       
+-      read_line(ctx, buff);
++      read_line(ctx, buff, sizeof(buff));
+       if (strcmp(buff, "ok") != 0)
+       {
+           debug(DEBUG_APPERROR, "cvs_direct: bad ok trailer to valid-requests command");
+@@ -661,7 +661,7 @@
+     return len;
+ }
+ 
+-static int read_line(CvsServerCtx * ctx, char * p)
++static int read_line(CvsServerCtx * ctx, char * p, size_t size)
+ {
+     int len = 0;
+     while (1)
+@@ -672,7 +672,7 @@
+ 
+       *p = *ctx->head++;
+ 
+-      if (*p == '\n')
++      if (*p == '\n' || len >= size - 1)
+       {
+           *p = 0;
+           break;
+@@ -689,7 +689,7 @@
+     /* FIXME: more than 1 char at a time */
+     char resp[BUFSIZ];
+ 
+-    if (read_line(ctx, resp) < 0)
++    if (read_line(ctx, resp, sizeof(resp)) < 0)
+       return 0;
+ 
+     debug(DEBUG_TCP, "response '%s' read", resp);
+@@ -703,7 +703,7 @@
+ 
+     while (1)
+     {
+-      read_line(ctx, line);
++      read_line(ctx, line, sizeof(line));
+       debug(DEBUG_TCP, "ctx_to_fp: %s", line);
+       if (memcmp(line, "M ", 2) == 0)
+       {
+@@ -879,7 +879,7 @@
+     char lbuff[BUFSIZ];
+     int len;
+ 
+-    len = read_line(ctx, lbuff);
++    len = read_line(ctx, lbuff, sizeof(lbuff));
+     debug(DEBUG_TCP, "cvs_direct: rlog: read %s", lbuff);
+ 
+     if (memcmp(lbuff, "M ", 2) == 0)
+@@ -910,13 +910,15 @@
+     char lbuff[BUFSIZ];
+     strcpy(client_version, "Client: Concurrent Versions System (CVS) 99.99.99 (client/server) cvs-direct");
+     send_string(ctx, "version\n");
+-    read_line(ctx, lbuff);
++    read_line(ctx, lbuff, sizeof(lbuff));
+     if (memcmp(lbuff, "M ", 2) == 0)
+       sprintf(server_version, "Server: %s", lbuff + 2);
      else
        debug(DEBUG_APPERROR, "cvs_direct: didn't read version: %s", lbuff);
      
 -    read_line(ctx, lbuff);
 +    do
-+      read_line(ctx, lbuff);
++      read_line(ctx, lbuff, sizeof(lbuff));
 +    while(memcmp(lbuff, "M ", 2) == 0);
      if (strcmp(lbuff, "ok") != 0)
        debug(DEBUG_APPERROR, "cvs_direct: protocol error reading version");



Home | Main Index | Thread Index | Old Index