ports/53278: [MAINTAINER UPDATE] databases/firebird: Fix stack overflow exploit
Chris Knight
chris at aims.com.au
Fri Jun 13 11:20:22 UTC 2003
>Number: 53278
>Category: ports
>Synopsis: [MAINTAINER UPDATE] databases/firebird: Fix stack overflow exploit
>Confidential: no
>Severity: critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Fri Jun 13 04:20:18 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator: Chris Knight
>Release: FreeBSD 4.8-STABLE i386
>Organization:
AIMS Independent Computer Professionals
>Environment:
System: FreeBSD ait0fd01.aims.private 4.8-STABLE FreeBSD 4.8-STABLE #0: Wed Jun 4 18:50:16 EST 2003 root at ait0fd01.aims.private:/var/obj/usr/src/sys/THINKPAD i386
>Description:
Close exploits detailed in the following security advisories:
http://www.securityfocus.com/archive/1/317356/2003-04-03/2003-04-09/0
http://packetstormsecurity.nl/0305-exploits/dsr-adv001.txt
Also, pre-empt the exploit of a third environment variable.
>How-To-Repeat:
N/A
>Fix:
Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/databases/firebird/Makefile,v
retrieving revision 1.19
diff -u -r1.19 Makefile
--- Makefile 10 Jun 2003 09:59:45 -0000 1.19
+++ Makefile 13 Jun 2003 10:34:12 -0000
@@ -18,8 +18,6 @@
MAINTAINER= chris at aims.com.au
COMMENT= The open-source InterBase(tm) 6.0 spin-off (Classic version)
-FORBIDDEN= Local Stack Overflow, see http://packetstormsecurity.nl/0305-exploits/dsr-adv001.txt
-
WRKSRC= ${WRKDIR}/firebird-1.0.2.908
INSTALLS_SHLIB= yes
LDCONFIG_DIRS= %%PREFIX%%/firebird/lib
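Review bot: PORTREVISION is not bumped: the Makefile diff consists of this single hunk, which only drops FORBIDDEN, while the new files/patch-jrd::gds.c changes the binaries the port installs. Without a bump, machines that already have the vulnerable build installed will not see the port as out of date. Suggest adding or incrementing PORTREVISION in the same update.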
Index: files/patch-jrd::gds.c
===================================================================
RCS file: files/patch-jrd::gds.c
diff -N files/patch-jrd::gds.c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ files/patch-jrd::gds.c 13 Jun 2003 10:42:20 -0000
@@ -0,0 +1,29 @@
+--- jrd/gds.c.orig Sun Oct 13 16:39:08 2002
++++ jrd/gds.c Fri Jun 13 20:42:01 2003
+@@ -2736,7 +2736,7 @@
+ #endif
+ {
+ ib_prefix = ISC_PREFIX;
+- strcat(ib_prefix_val, ib_prefix);
++ strncat(ib_prefix_val, ib_prefix, sizeof(ib_prefix_val)-1);
+ }
+ #endif
+ ib_prefix = ib_prefix_val;
+@@ -2838,7 +2838,7 @@
+ }
+ else
+ {
+- strcat (ib_prefix_lock_val, ib_prefix_lock);
++ strncat(ib_prefix_lock_val, ib_prefix_lock, sizeof(ib_prefix_lock_val)-1);
+ ib_prefix_lock = ib_prefix_lock_val;
+ }
+ }
+@@ -2939,7 +2939,7 @@
+ }
+ else
+ {
+- strcat (ib_prefix_msg_val, ib_prefix_msg);
++ strncat(ib_prefix_msg_val, ib_prefix_msg, sizeof(ib_prefix_msg_val)-1);
+ ib_prefix_msg = ib_prefix_msg_val;
+ }
+ }
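Review bot: The bound passed to strncat in all three replacements is sizeof(buf)-1, but strncat treats its third argument as the maximum number of bytes to append, not as the total size of the destination, and it writes a terminating NUL after them. The bound is therefore only safe if ib_prefix_val, ib_prefix_lock_val and ib_prefix_msg_val are empty strings when these calls run, which the visible context does not show. If any of them already holds data, the call can still write past the end of the buffer. Suggest sizeof(ib_prefix_val) - strlen(ib_prefix_val) - 1 (and likewise for the other two), or strlcat(ib_prefix_val, ib_prefix, sizeof(ib_prefix_val)) with a check of the return value so an over-long environment value is rejected rather than silently truncated. The sizeof form also assumes the three destinations are arrays and not pointers; otherwise it yields the pointer size.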
>Release-Note:
>Audit-Trail:
>Unformatted: