ports/65754: [patch] devel/tla - format string vulnerabillitys in included neon

Frank Ruell stoerte at dreamwarrior.net
Mon Apr 19 09:30:20 UTC 2004


>Number:         65754
>Category:       ports
>Synopsis:       [patch] devel/tla - format string vulnerabillitys in included neon
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Apr 19 02:30:20 PDT 2004
>Closed-Date:
>Last-Modified:
>Originator:     Frank Ruell
>Release:        FreeBSD 5.2.1-RELEASE-p4 i386
>Organization:
>Environment:
System: FreeBSD dreamwarrior.foobar.ath.cx 5.2.1-RELEASE-p4 FreeBSD 5.2.1-RELEASE-p4 #1: Mon Apr 12 03:13:36 CEST 2004 root@:/usr/obj/usr/src/sys/Dreamwarrior i386


	
>Description:
	neon, which comes included in the gnu-arch source, has several format string vulnerabilities; see http://vuxml.freebsd.org/84237895-8f39-11d8-8b29-0020ed76ef5a.html
The fix is taken from neon CVS. I mailed the port maintainer on Saturday at 19:00 UTC.


>How-To-Repeat:
>Fix:

--- tla1.2-1.2-1.diff begins here ---
diff -ruN tla.orig/Makefile tla/Makefile
--- tla.orig/Makefile	Mon Mar  1 23:20:03 2004
+++ tla/Makefile	Sat Apr 17 20:50:46 2004
@@ -7,6 +7,7 @@
 
 PORTNAME=	tla
 PORTVERSION=	1.2
+PORTREVISION=   1
 CATEGORIES=	devel
 MASTER_SITES=	${MASTER_SITE_GNU} \
 		http://regexps.srparish.net/src/${PORTNAME}/ \
@@ -26,7 +27,7 @@
 ORIGWRKSRC=	${WRKDIR}/${DISTNAME}/src
 WRKSRC=		${ORIGWRKSRC}/=build
 
-pre-configure:
+pre-patch:
 	${MKDIR} ${WRKSRC}
 
 do-configure:
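Review bot: The switch from `pre-configure` to `pre-patch` carries no comment, and the reason is not obvious from the Makefile alone. The new files/patch-libneon-* files use paths of the form `../tla/libneon/...`, so they are presumably applied from `${WRKSRC}` (the `=build` directory), which then has to exist before the patch phase runs. A one-line comment above the target would keep a later cleanup from moving the `${MKDIR}` back and breaking the application of the security patches, e.g. `# WRKSRC must exist before the patch phase: files/patch-* are applied relative to it`. In the first hunk, `PORTREVISION=` is followed by spaces where the neighbouring assignments use a tab.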
diff -ruN tla.orig/files/patch-libneon-ne_207.c tla/files/patch-libneon-ne_207.c
--- tla.orig/files/patch-libneon-ne_207.c	Thu Jan  1 01:00:00 1970
+++ tla/files/patch-libneon-ne_207.c	Sat Apr 17 20:56:18 2004
@@ -0,0 +1,17 @@
+--- ../tla/libneon.orig/ne_207.c	Sat Dec  6 20:35:28 2003
++++ ../tla/libneon/ne_207.c	Sat Apr 17 20:25:46 2004
+@@ -320,12 +320,12 @@
+ 	if (ne_get_status(req)->code == 207) {
+ 	    if (!ne_xml_valid(p)) { 
+ 		/* The parse was invalid */
+-		ne_set_error(sess, ne_xml_get_error(p));
++		ne_set_error(sess, "%s", ne_xml_get_error(p));
+		ret = NE_ERROR;
+ 	    } else if (ctx.is_error) {
+ 		/* If we've actually got any error information
+ 		 * from the 207, then set that as the error */
+-		ne_set_error(sess, ctx.buf->data);
++               ne_set_error(sess, "%s", ctx.buf->data);
+ 		ret = NE_ERROR;
+ 	    }
+ 	} else if (ne_get_status(req)->klass != 2) {
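Review bot: The format-string fix is applied call site by call site, and nothing in the patch set keeps an untouched or future `ne_set_error(sess, msg)` call from compiling cleanly; the same holds for the hunks in ne_auth.c, ne_locks.c and ne_props.c. If the declaration of `ne_set_error` (not visible here) were annotated with `__attribute__((format(printf, 2, 3)))` and the port built with `-Wformat-security`, the compiler would report any remaining non-literal format argument. Both strings replaced in this hunk appear to come from the parsed response (the XML parser error and `ctx.buf->data`), which is why they must only ever be passed as `%s` arguments. The embedded context line `ret = NE_ERROR;` after the first replacement has no leading space marker and the second added line is indented with spaces rather than tabs; regenerating the file with `diff -u` would avoid depending on patch's leniency, unless this is only an artifact of the list archive. The enclosing function starts and ends outside the hunk.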
diff -ruN tla.orig/files/patch-libneon-ne_auth.c tla/files/patch-libneon-ne_auth.c
--- tla.orig/files/patch-libneon-ne_auth.c	Thu Jan  1 01:00:00 1970
+++ tla/files/patch-libneon-ne_auth.c	Sat Apr 17 20:50:46 2004
@@ -0,0 +1,11 @@
+--- ../tla/libneon.orig/ne_auth.c	Sat Dec  6 20:35:28 2003
++++ ../tla/libneon/ne_auth.c	Sat Apr 17 20:11:55 2004
+@@ -950,7 +950,7 @@
+     if (areq->auth_info_hdr != NULL && 
+ 	verify_response(areq, sess, areq->auth_info_hdr)) {
+ 	NE_DEBUG(NE_DBG_HTTPAUTH, "Response authentication invalid.\n");
+-	ne_set_error(sess->sess, _(sess->spec->fail_msg));
++	ne_set_error(sess->sess, "%s", _(sess->spec->fail_msg));
+ 	ret = NE_ERROR;
+     } else if (status->code == sess->spec->status_code && 
+ 	       areq->auth_hdr != NULL) {
diff -ruN tla.orig/files/patch-libneon-ne_locks.c tla/files/patch-libneon-ne_locks.c
--- tla.orig/files/patch-libneon-ne_locks.c	Thu Jan  1 01:00:00 1970
+++ tla/files/patch-libneon-ne_locks.c	Sat Apr 17 20:50:46 2004
@@ -0,0 +1,20 @@
+--- ../tla/libneon.orig/ne_locks.c	Sat Dec  6 20:35:28 2003
++++ ../tla/libneon/ne_locks.c	Sat Apr 17 20:11:55 2004
+@@ -734,7 +734,7 @@
+ 	}
+ 	else if (parse_failed) {
+ 	    ret = NE_ERROR;
+-	    ne_set_error(sess, ne_xml_get_error(parser));
++	    ne_set_error(sess, "%s", ne_xml_get_error(parser));
+ 	}
+ 	else if (ne_get_status(req)->code == 207) {
+ 	    ret = NE_ERROR;
+@@ -802,7 +802,7 @@
+     if (ret == NE_OK && ne_get_status(req)->klass == 2) {
+ 	if (parse_failed) {
+ 	    ret = NE_ERROR;
+-	    ne_set_error(sess, ne_xml_get_error(parser));
++	    ne_set_error(sess, "%s", ne_xml_get_error(parser));
+ 	}
+ 	else if (ne_get_status(req)->code == 207) {
+ 	    ret = NE_ERROR;
diff -ruN tla.orig/files/patch-libneon-ne_props.c tla/files/patch-libneon-ne_props.c
--- tla.orig/files/patch-libneon-ne_props.c	Thu Jan  1 01:00:00 1970
+++ tla/files/patch-libneon-ne_props.c	Sat Apr 17 20:50:46 2004
@@ -0,0 +1,11 @@
+--- ../tla/libneon.orig/ne_props.c	Sat Dec  6 20:35:28 2003
++++ ../tla/libneon/ne_props.c	Sat Apr 17 20:11:55 2004
+@@ -142,7 +142,7 @@
+     if (ret == NE_OK && ne_get_status(req)->klass != 2) {
+ 	ret = NE_ERROR;
+     } else if (!ne_xml_valid(handler->parser)) {
+-	ne_set_error(handler->sess, ne_xml_get_error(handler->parser));
++	ne_set_error(handler->sess, "%s", ne_xml_get_error(handler->parser));
+ 	ret = NE_ERROR;
+     }
+ 
diff -ruN tla.orig/files/patch-libneon-ne_xml.c tla/files/patch-libneon-ne_xml.c
--- tla.orig/files/patch-libneon-ne_xml.c	Thu Jan  1 01:00:00 1970
+++ tla/files/patch-libneon-ne_xml.c	Sat Apr 17 20:50:46 2004
@@ -0,0 +1,11 @@
+--- ../tla/libneon.orig/ne_xml.c	Sat Dec  6 20:35:29 2003
++++ ../tla/libneon/ne_xml.c	Sat Apr 17 20:11:55 2004
+@@ -538,7 +538,7 @@
+ 
+ void ne_xml_set_error(ne_xml_parser *p, const char *msg)
+ {
+-    ne_snprintf(p->error, ERR_SIZE, msg);
++    ne_snprintf(p->error, ERR_SIZE, "%s", msg);
+ }
+ 
+ #ifdef HAVE_LIBXML
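Review bot: `ne_xml_set_error` has no comment stating that `msg` is plain text, which is the contract this one-line change establishes; I would add above the function `/* Stores msg verbatim as the parser error (bounded by ERR_SIZE); msg is data and is never interpreted as a format string. */`. Because the stored text is kept verbatim, it can still contain `%` characters, so callers that pass the parser error on to `ne_set_error` (presumably the value `ne_xml_get_error` returns) need the `"%s"` form as well, as the other files in this patch set do. The function body is shown in full; the rest of the file is outside the hunk.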

--- tla1.2-1.2-1.diff ends here ---




>Release-Note:
>Audit-Trail:
>Unformatted:


