ports/53278: [MAINTAINER UPDATE] databases/firebird: Fix stack overflow exploit

Chris Knight chris at aims.com.au
Fri Jun 13 11:20:22 UTC 2003


>Number:         53278
>Category:       ports
>Synopsis:       [MAINTAINER UPDATE] databases/firebird: Fix stack overflow exploit
>Confidential:   no
>Severity:       critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jun 13 04:20:18 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator:     Chris Knight
>Release:        FreeBSD 4.8-STABLE i386
>Organization:
AIMS Independent Computer Professionals
>Environment:
System: FreeBSD ait0fd01.aims.private 4.8-STABLE FreeBSD 4.8-STABLE #0: Wed Jun 4 18:50:16 EST 2003 root at ait0fd01.aims.private:/var/obj/usr/src/sys/THINKPAD i386

>Description:
Close exploits detailed in the following security advisories:

http://www.securityfocus.com/archive/1/317356/2003-04-03/2003-04-09/0
http://packetstormsecurity.nl/0305-exploits/dsr-adv001.txt

Also, pre-empt the exploit of a third environment variable.

>How-To-Repeat:
N/A

>Fix:
Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/databases/firebird/Makefile,v
retrieving revision 1.19
diff -u -r1.19 Makefile
--- Makefile	10 Jun 2003 09:59:45 -0000	1.19
+++ Makefile	13 Jun 2003 10:34:12 -0000
@@ -18,8 +18,6 @@
 MAINTAINER=	chris at aims.com.au
 COMMENT=	The open-source InterBase(tm) 6.0 spin-off (Classic version)
 
-FORBIDDEN=	Local Stack Overflow, see http://packetstormsecurity.nl/0305-exploits/dsr-adv001.txt
-
 WRKSRC=		${WRKDIR}/firebird-1.0.2.908
 INSTALLS_SHLIB=	yes
 LDCONFIG_DIRS=	%%PREFIX%%/firebird/lib
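Review bot: PORTREVISION is not bumped anywhere in this Makefile diff, whose only hunk drops the FORBIDDEN line. The new files/patch-jrd::gds.c changes what gets built, so a machine that installed the port before it was marked FORBIDDEN keeps the vulnerable build and version-based upgrade tools will see no change. Suggest bumping PORTREVISION in the same commit.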
Index: files/patch-jrd::gds.c
===================================================================
RCS file: files/patch-jrd::gds.c
diff -N files/patch-jrd::gds.c
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ files/patch-jrd::gds.c	13 Jun 2003 10:42:20 -0000
@@ -0,0 +1,29 @@
+--- jrd/gds.c.orig	Sun Oct 13 16:39:08 2002
++++ jrd/gds.c	Fri Jun 13 20:42:01 2003
+@@ -2736,7 +2736,7 @@
+ #endif
+             {
+                 ib_prefix = ISC_PREFIX;
+-                strcat(ib_prefix_val, ib_prefix);
++                strncat(ib_prefix_val, ib_prefix, sizeof(ib_prefix_val)-1);
+             }
+ #endif
+             ib_prefix = ib_prefix_val;
+@@ -2838,7 +2838,7 @@
+         }
+     else
+         {
+-        strcat (ib_prefix_lock_val, ib_prefix_lock); 
++        strncat(ib_prefix_lock_val, ib_prefix_lock, sizeof(ib_prefix_lock_val)-1); 
+         ib_prefix_lock = ib_prefix_lock_val;
+         }
+     }
+@@ -2939,7 +2939,7 @@
+         }
+     else
+         {
+-        strcat (ib_prefix_msg_val, ib_prefix_msg); 
++        strncat(ib_prefix_msg_val, ib_prefix_msg, sizeof(ib_prefix_msg_val)-1); 
+         ib_prefix_msg = ib_prefix_msg_val;
+         }
+     }
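Review bot: the count passed to strncat in all three hunks (sizeof(ib_prefix_val)-1, sizeof(ib_prefix_lock_val)-1, sizeof(ib_prefix_msg_val)-1) is the full buffer size, but strncat's third argument limits the number of bytes appended, not the total length of the destination. That is only safe if each destination holds an empty string when the call is reached, which these hunks do not show; if anything is already in the buffer, the call can still write past its end. Suggest sizeof(buf) - strlen(buf) - 1 as the count, or strlcat(buf, src, sizeof(buf)), which takes the full buffer size and is available on FreeBSD. Both forms also rely on the three _val destinations being arrays rather than pointers, so that sizeof yields the buffer size. A truncated result is then assigned to ib_prefix, ib_prefix_lock or ib_prefix_msg without any check, so it is worth detecting truncation and failing instead of continuing with a shortened path.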
>Release-Note:
>Audit-Trail:
>Unformatted:


