ports/65754: [patch] devel/tla - format string vulnerabillitys in included neon
Frank Ruell
stoerte at dreamwarrior.net
Mon Apr 19 09:30:20 UTC 2004
>Number: 65754
>Category: ports
>Synopsis: [patch] devel/tla - format string vulnerabillitys in included neon
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Apr 19 02:30:20 PDT 2004
>Closed-Date:
>Last-Modified:
>Originator: Frank Ruell
>Release: FreeBSD 5.2.1-RELEASE-p4 i386
>Organization:
>Environment:
System: FreeBSD dreamwarrior.foobar.ath.cx 5.2.1-RELEASE-p4 FreeBSD 5.2.1-RELEASE-p4 #1: Mon Apr 12 03:13:36 CEST 2004 root@:/usr/obj/usr/src/sys/Dreamwarrior i386
>Description:
neon, which comes included in the gnu-arch source has serveral format string vulnerabilitys, see http://vuxml.freebsd.org/84237895-8f39-11d8-8b29-0020ed76ef5a.html
Fix from neon CVS. I mailed the port maintainer on saturday 19:00 UTC.
>How-To-Repeat:
>Fix:
--- tla1.2-1.2-1.diff begins here ---
diff -ruN tla.orig/Makefile tla/Makefile
--- tla.orig/Makefile Mon Mar 1 23:20:03 2004
+++ tla/Makefile Sat Apr 17 20:50:46 2004
@@ -7,6 +7,7 @@
PORTNAME= tla
PORTVERSION= 1.2
+PORTREVISION= 1
CATEGORIES= devel
MASTER_SITES= ${MASTER_SITE_GNU} \
http://regexps.srparish.net/src/${PORTNAME}/ \
@@ -26,7 +27,7 @@
ORIGWRKSRC= ${WRKDIR}/${DISTNAME}/src
WRKSRC= ${ORIGWRKSRC}/=build
-pre-configure:
+pre-patch:
${MKDIR} ${WRKSRC}
do-configure:
diff -ruN tla.orig/files/patch-libneon-ne_207.c tla/files/patch-libneon-ne_207.c
--- tla.orig/files/patch-libneon-ne_207.c Thu Jan 1 01:00:00 1970
+++ tla/files/patch-libneon-ne_207.c Sat Apr 17 20:56:18 2004
@@ -0,0 +1,17 @@
+--- ../tla/libneon.orig/ne_207.c Sat Dec 6 20:35:28 2003
++++ ../tla/libneon/ne_207.c Sat Apr 17 20:25:46 2004
+@@ -320,12 +320,12 @@
+ if (ne_get_status(req)->code == 207) {
+ if (!ne_xml_valid(p)) {
+ /* The parse was invalid */
+- ne_set_error(sess, ne_xml_get_error(p));
++ ne_set_error(sess, "%s", ne_xml_get_error(p));
+ ret = NE_ERROR;
+ } else if (ctx.is_error) {
+ /* If we've actually got any error information
+ * from the 207, then set that as the error */
+- ne_set_error(sess, ctx.buf->data);
++ ne_set_error(sess, "%s", ctx.buf->data);
+ ret = NE_ERROR;
+ }
+ } else if (ne_get_status(req)->klass != 2) {
diff -ruN tla.orig/files/patch-libneon-ne_auth.c tla/files/patch-libneon-ne_auth.c
--- tla.orig/files/patch-libneon-ne_auth.c Thu Jan 1 01:00:00 1970
+++ tla/files/patch-libneon-ne_auth.c Sat Apr 17 20:50:46 2004
@@ -0,0 +1,11 @@
+--- ../tla/libneon.orig/ne_auth.c Sat Dec 6 20:35:28 2003
++++ ../tla/libneon/ne_auth.c Sat Apr 17 20:11:55 2004
+@@ -950,7 +950,7 @@
+ if (areq->auth_info_hdr != NULL &&
+ verify_response(areq, sess, areq->auth_info_hdr)) {
+ NE_DEBUG(NE_DBG_HTTPAUTH, "Response authentication invalid.\n");
+- ne_set_error(sess->sess, _(sess->spec->fail_msg));
++ ne_set_error(sess->sess, "%s", _(sess->spec->fail_msg));
+ ret = NE_ERROR;
+ } else if (status->code == sess->spec->status_code &&
+ areq->auth_hdr != NULL) {
diff -ruN tla.orig/files/patch-libneon-ne_locks.c tla/files/patch-libneon-ne_locks.c
--- tla.orig/files/patch-libneon-ne_locks.c Thu Jan 1 01:00:00 1970
+++ tla/files/patch-libneon-ne_locks.c Sat Apr 17 20:50:46 2004
@@ -0,0 +1,20 @@
+--- ../tla/libneon.orig/ne_locks.c Sat Dec 6 20:35:28 2003
++++ ../tla/libneon/ne_locks.c Sat Apr 17 20:11:55 2004
+@@ -734,7 +734,7 @@
+ }
+ else if (parse_failed) {
+ ret = NE_ERROR;
+- ne_set_error(sess, ne_xml_get_error(parser));
++ ne_set_error(sess, "%s", ne_xml_get_error(parser));
+ }
+ else if (ne_get_status(req)->code == 207) {
+ ret = NE_ERROR;
+@@ -802,7 +802,7 @@
+ if (ret == NE_OK && ne_get_status(req)->klass == 2) {
+ if (parse_failed) {
+ ret = NE_ERROR;
+- ne_set_error(sess, ne_xml_get_error(parser));
++ ne_set_error(sess, "%s", ne_xml_get_error(parser));
+ }
+ else if (ne_get_status(req)->code == 207) {
+ ret = NE_ERROR;
diff -ruN tla.orig/files/patch-libneon-ne_props.c tla/files/patch-libneon-ne_props.c
--- tla.orig/files/patch-libneon-ne_props.c Thu Jan 1 01:00:00 1970
+++ tla/files/patch-libneon-ne_props.c Sat Apr 17 20:50:46 2004
@@ -0,0 +1,11 @@
+--- ../tla/libneon.orig/ne_props.c Sat Dec 6 20:35:28 2003
++++ ../tla/libneon/ne_props.c Sat Apr 17 20:11:55 2004
+@@ -142,7 +142,7 @@
+ if (ret == NE_OK && ne_get_status(req)->klass != 2) {
+ ret = NE_ERROR;
+ } else if (!ne_xml_valid(handler->parser)) {
+- ne_set_error(handler->sess, ne_xml_get_error(handler->parser));
++ ne_set_error(handler->sess, "%s", ne_xml_get_error(handler->parser));
+ ret = NE_ERROR;
+ }
+
diff -ruN tla.orig/files/patch-libneon-ne_xml.c tla/files/patch-libneon-ne_xml.c
--- tla.orig/files/patch-libneon-ne_xml.c Thu Jan 1 01:00:00 1970
+++ tla/files/patch-libneon-ne_xml.c Sat Apr 17 20:50:46 2004
@@ -0,0 +1,11 @@
+--- ../tla/libneon.orig/ne_xml.c Sat Dec 6 20:35:29 2003
++++ ../tla/libneon/ne_xml.c Sat Apr 17 20:11:55 2004
+@@ -538,7 +538,7 @@
+
+ void ne_xml_set_error(ne_xml_parser *p, const char *msg)
+ {
+- ne_snprintf(p->error, ERR_SIZE, msg);
++ ne_snprintf(p->error, ERR_SIZE, "%s", msg);
+ }
+
+ #ifdef HAVE_LIBXML
--- tla1.2-1.2-1.diff ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list