git: 483d9e29e056 - main - korean/hcode: Fix buffer overflow in mail.c
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 01 May 2024 19:54:56 UTC
The branch main has been updated by riggs:
URL: https://cgit.FreeBSD.org/ports/commit/?id=483d9e29e0569128d7f88e08c295c1f3dbeabf01
commit 483d9e29e0569128d7f88e08c295c1f3dbeabf01
Author: Thomas Zander <riggs@FreeBSD.org>
AuthorDate: 2024-05-01 19:52:46 +0000
Commit: Thomas Zander <riggs@FreeBSD.org>
CommitDate: 2024-05-01 19:54:54 +0000
korean/hcode: Fix buffer overflow in mail.c
Reported by: Wolfgang Frisch <wfrisch@suse.de>
MFH: 2024Q2
Security: CVE-2024-34020
---
korean/hcode/Makefile | 2 +-
korean/hcode/files/patch-mail.c | 34 ++++++++++++++++++++++------------
2 files changed, 23 insertions(+), 13 deletions(-)
diff --git a/korean/hcode/Makefile b/korean/hcode/Makefile
index c881a07a90ee..d268b08c41c6 100644
--- a/korean/hcode/Makefile
+++ b/korean/hcode/Makefile
@@ -1,6 +1,6 @@
PORTNAME= hcode
PORTVERSION= 2.1.3
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES= korean
MASTER_SITES= http://ftp.kaist.ac.kr/hangul/incoming/ \
ftp://ftp.kaist.ac.kr/hangul/incoming/ \
diff --git a/korean/hcode/files/patch-mail.c b/korean/hcode/files/patch-mail.c
index 9c9f5136dff3..57bc6ab2837e 100644
--- a/korean/hcode/files/patch-mail.c
+++ b/korean/hcode/files/patch-mail.c
@@ -1,15 +1,16 @@
---- mail.c.orig 1998-03-11 05:02:22.000000000 -0500
-+++ mail.c 2013-06-12 20:06:21.000000000 -0400
-@@ -1,4 +1,8 @@
+--- mail.c.orig 1998-03-11 10:02:22 UTC
++++ mail.c
+@@ -1,5 +1,9 @@
+#include <ctype.h>
#include <stdio.h>
+#include <string.h>
-+
-+static int ks2iso(unsigned char *, FILE *);
++static int ks2iso(unsigned char *, FILE *);
++
/* ------------------------------------------------------
Search for Starting Mark and print out (ENGLISH) prologue
-@@ -66,9 +70,8 @@
+ mark : Starting Code
+@@ -66,9 +70,8 @@ FILE *fpin, *fpout;
#define SI '\017'
#define SO '\016'
@@ -21,7 +22,7 @@
{
int mode=ASCII;
int i=0;
-@@ -172,8 +175,8 @@
+@@ -172,8 +175,8 @@ void (*prwc)();
if (fgets((char *) ibuf,HDR_BUF_LEN,fpin) == NULL) /* no message body */
return(1); /* header only (6/8/96) */
@@ -32,7 +33,7 @@
header_switch(iptr,fpout);
continue;
}
-@@ -186,7 +189,7 @@
+@@ -186,7 +189,7 @@ void (*prwc)();
while ( charset[++i] != NULL ) {
sprintf(encode_prefix,"=?%s?B?",charset[i]);
@@ -41,7 +42,7 @@
strlen(encode_prefix)) ) {
isbqheader=
bqheader_decode(&iptr,encode_prefix,Bencode,
-@@ -195,7 +198,7 @@
+@@ -195,7 +198,7 @@ void (*prwc)();
}
sprintf(encode_prefix,"=?%s?Q?",charset[i]);
@@ -50,7 +51,16 @@
strlen(encode_prefix)) ) {
isbqheader=
bqheader_decode(&iptr,encode_prefix,Qencode,
-@@ -250,15 +253,15 @@
+@@ -238,7 +241,7 @@ int outCode;
+ unsigned char ibuf[HDR_BUF_LEN],obuf[HDR_BUF_LEN],tbuf[HDR_BUF_LEN];
+ unsigned char *iptr, *tptr;
+
+- if ( cp >= HDR_BUF_LEN ) {
++ if ( cp >= (HDR_BUF_LEN-8) ) {
+ pr2m(Printwc,fpout,outCode);
+ return;
+ }
+@@ -250,15 +253,15 @@ int outCode;
return;
}
ibuf[cp++] = '\n';
@@ -69,7 +79,7 @@
string_to_base64(obuf, tbuf);
fprintf(fpout,"=?EUC-KR?B?%s?=",obuf);
}
-@@ -342,12 +345,12 @@
+@@ -342,12 +345,12 @@ void (*prwc)();
only checks if there's any whitespace or '?'.
*/
@@ -85,7 +95,7 @@
iptr+=2;
if ( encoding == Bencode)
base64_to_string(obuf, tbuf);
-@@ -495,7 +498,7 @@
+@@ -495,7 +498,7 @@ void header_switch(iptr,fpout)
/* void header_switch(iptr0,fpout,name_len) */
void header_switch(iptr,fpout)
/* unsigned char **iptr0; */