ports/95397: [patch] archivers/zoo buffer overflow fix
Petr Rehor
prehor at gmail.com
Thu Apr 6 07:10:18 UTC 2006
>Number: 95397
>Category: ports
>Synopsis: [patch] archivers/zoo buffer overflow fix
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Thu Apr 06 07:10:12 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Petr Rehor
>Release: FreeBSD 6.0-RELEASE-c3 i386
>Organization:
>Environment:
System: FreeBSD charon.rx.cz 6.0-RELEASE-c3 FreeBSD 6.0-RELEASE-c3 #0: Tue Nov 8 20:44:39 UTC 2005 root at marvin.rx.cz:/usr/obj/usr/src/sys/GENERIC i386
>Description:
archivers/zoo contains exploitable buffer overflows. This update brings the
patch from the original advisory to the FreeBSD port and bumps PORTREVISION.
The port maintainer is Cc'ed.
References:
- http://www.guay-leroux.com/projects/zoo-advisory.txt
- http://www.freebsd.org/ports/portaudit/d9307a41-c4d7-11da-b2fb-000e0c2e438a.html
>How-To-Repeat:
>Fix:
--- zoo.diff begins here ---
diff -urN /usr/ports/archivers/zoo/Makefile Makefile
--- /usr/ports/archivers/zoo/Makefile Tue Nov 15 22:57:44 2005
+++ Makefile Thu Apr 6 08:47:30 2006
@@ -7,7 +7,7 @@
PORTNAME= zoo
PORTVERSION= 2.10.1
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES= archivers
MASTER_SITES= ftp://ftp.kiarchive.ru/pub/unix/arcers/
DISTNAME= zoo-2.10pl1
diff -urN /usr/ports/archivers/zoo/files/patch-misc.c files/patch-misc.c
--- /usr/ports/archivers/zoo/files/patch-misc.c Thu Jan 1 01:00:00 1970
+++ files/patch-misc.c Thu Apr 6 08:45:48 2006
@@ -0,0 +1,20 @@
+--- misc.c.orig Tue Jul 16 17:52:54 1991
++++ misc.c Thu Apr 6 08:45:41 2006
+@@ -135,11 +135,16 @@
+ char *fullpath (direntry)
+ struct direntry *direntry;
+ {
+- static char result[PATHSIZE];
++ static char result[PATHSIZE+PATHSIZE+12]; /* Room for enough space */
+ combine (result,
+ direntry->dirlen != 0 ? direntry->dirname : "",
+ (direntry->namlen != 0) ? direntry->lfname : direntry->fname
+ );
++
++ if (strlen (result) >= PATHSIZE) {
++ prterror ('f', "Combined dirname and filename too long\n");
++ }
++
+ return (result);
+ }
+
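Review bot: The strlen (result) >= PATHSIZE check in fullpath() runs only after combine() has already written into result, so memory safety rests entirely on the enlarged buffer, PATHSIZE+PATHSIZE+12, being big enough for any direntry->dirname plus lfname/fname. Nothing in the hunk shows that those fields are bounded, and the comment "Room for enough space" does not say what the extra 12 bytes cover; please state the assumed maximum field lengths in that comment, or validate the lengths before calling combine(). The function also falls through to return (result) after prterror ('f', ...), so if the 'f' level does not terminate the program, callers that copy the result into PATHSIZE-sized buffers still receive an overlong string; a short comment confirming that the call is fatal would make this clear. Finally, the hunk adds a strlen call without showing an include for its declaration, so it is worth confirming that misc.c already has one.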
--- zoo.diff ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted: