ports/95397: [patch] archivers/zoo buffer overflow fix

Petr Rehor prehor at gmail.com
Thu Apr 6 07:10:18 UTC 2006


>Number:         95397
>Category:       ports
>Synopsis:       [patch] archivers/zoo buffer overflow fix
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Thu Apr 06 07:10:12 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Petr Rehor
>Release:        FreeBSD 6.0-RELEASE-c3 i386
>Organization:
>Environment:
System: FreeBSD charon.rx.cz 6.0-RELEASE-c3 FreeBSD 6.0-RELEASE-c3 #0: Tue Nov 8 20:44:39 UTC 2005 root at marvin.rx.cz:/usr/obj/usr/src/sys/GENERIC i386
>Description:
archivers/zoo contains exploitable buffer overflows. This update brings the
patch from the original advisory to the FreeBSD port and bumps PORTREVISION.
The port maintainer is Cc'ed.

References:
- http://www.guay-leroux.com/projects/zoo-advisory.txt
- http://www.freebsd.org/ports/portaudit/d9307a41-c4d7-11da-b2fb-000e0c2e438a.html

>How-To-Repeat:
>Fix:

--- zoo.diff begins here ---
diff -urN /usr/ports/archivers/zoo/Makefile Makefile
--- /usr/ports/archivers/zoo/Makefile	Tue Nov 15 22:57:44 2005
+++ Makefile	Thu Apr  6 08:47:30 2006
@@ -7,7 +7,7 @@
 
 PORTNAME=	zoo
 PORTVERSION=	2.10.1
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	archivers
 MASTER_SITES=	ftp://ftp.kiarchive.ru/pub/unix/arcers/
 DISTNAME=	zoo-2.10pl1
diff -urN /usr/ports/archivers/zoo/files/patch-misc.c files/patch-misc.c
--- /usr/ports/archivers/zoo/files/patch-misc.c	Thu Jan  1 01:00:00 1970
+++ files/patch-misc.c	Thu Apr  6 08:45:48 2006
@@ -0,0 +1,20 @@
+--- misc.c.orig	Tue Jul 16 17:52:54 1991
++++ misc.c	Thu Apr  6 08:45:41 2006
+@@ -135,11 +135,16 @@
+ char *fullpath (direntry)
+ struct direntry *direntry;
+ {
+-	static char result[PATHSIZE];
++	static char result[PATHSIZE+PATHSIZE+12]; /* Room for enough space */
+ 	combine (result,
+ 				direntry->dirlen != 0 ? direntry->dirname : "", 
+ 				(direntry->namlen != 0) ? direntry->lfname : direntry->fname
+ 			  );
++
++	if (strlen (result) >= PATHSIZE) {
++		prterror ('f', "Combined dirname and filename too long\n");
++	}
++
+ 	return (result);
+ }
+ 
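Review bot: In fullpath(), the new `strlen (result) >= PATHSIZE` check runs only after combine() has already written into result, so the overflow is prevented by the enlarged buffer alone, and only if dirname plus lfname/fname can never exceed PATHSIZE+PATHSIZE+12 bytes; nothing in this hunk shows those bounds. Consider checking the two component lengths before calling combine(), or replacing the `/* Room for enough space */` comment with one that states the maximum sizes of dirname, lfname and fname and what the extra 12 bytes cover. The check also relies on `prterror ('f', ...)` not returning; if it can return, fullpath() hands its callers a string of PATHSIZE or more bytes, so an explicit exit or truncation after the call would make the intent clear.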
--- zoo.diff ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:


