ports/76852: [PATCH] textproc/unrtf: fix vulnerability

Stefan Walter sw at gegenunendlich.de
Sun Jan 30 12:50:27 UTC 2005 

>Number:         76852
>Category:       ports
>Synopsis:       [PATCH] textproc/unrtf: fix vulnerability
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jan 30 12:50:26 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Stefan Walter
>Release:        FreeBSD 5.3-STABLE i386
>Organization:
Infinity Approximation Task Force
>Environment:
System: FreeBSD kyuzo.dunkelkammer.void 5.3-STABLE FreeBSD 5.3-STABLE #0: Sat Dec 18 22:12:32 CET 2004
>Description:
- Attempt to fix the exploitable security issue described at
  http://www.vuxml.org/freebsd/f2d5e56e-67eb-11d9-a9e7-0001020eed82.html by
  replacing strcat() with strncat(). Please note that I wasn't able to
  reproduce the exploit described at
  http://tigger.uic.edu/~jlongs2/holes/unrtf.txt on my 5.3-STABLE system.
  Feedback of someone who can reproduce the exploit with an unpatched unrtf
  would be appreciated.
- Bump PORTREVISION.
- Remove old master site that doesn't seem to have the distfile any more.

Security Team cc'd.

Added file(s):
- files/patch-convert.c

Generated with FreeBSD Port Tools 0.63
>How-To-Repeat:
>Fix:

--- unrtf-0.19.3_1.patch begins here ---
diff -ruN --exclude=CVS /usr/ports/textproc/unrtf.old/Makefile /usr/ports/textproc/unrtf/Makefile
--- /usr/ports/textproc/unrtf.old/Makefile	Sun Jan 30 11:37:30 2005
+++ /usr/ports/textproc/unrtf/Makefile	Sun Jan 30 12:16:02 2005
@@ -6,17 +6,13 @@
 
 PORTNAME=	unrtf
 PORTVERSION=	0.19.3
+PORTREVISION=	1
 CATEGORIES=	textproc
-MASTER_SITES=	http://unrtf.50megs.com/ \
-		${MASTER_SITE_GNU}
+MASTER_SITES=	${MASTER_SITE_GNU}
 MASTER_SITE_SUBDIR=	${PORTNAME}
 
 MAINTAINER=	ports at FreeBSD.org
 COMMENT=	A converter from RTF to several formats, including HTML and LaTeX
-
-FORBIDDEN=	http://vuxml.FreeBSD.org/f2d5e56e-67eb-11d9-a9e7-0001020eed82.html
-DEPRECATED=	${FORBIDDEN}
-EXPIRATION_DATE=2005-02-16
 
 USE_REINPLACE=	yes
 ALL_TARGET=	unrtf
diff -ruN --exclude=CVS /usr/ports/textproc/unrtf.old/files/patch-convert.c /usr/ports/textproc/unrtf/files/patch-convert.c
--- /usr/ports/textproc/unrtf.old/files/patch-convert.c	Thu Jan  1 01:00:00 1970
+++ /usr/ports/textproc/unrtf/files/patch-convert.c	Sun Jan 30 13:35:57 2005
@@ -0,0 +1,11 @@
+--- convert.c.orig	Sun Jan 30 13:34:16 2005
++++ convert.c	Sun Jan 30 13:35:36 2005
+@@ -341,7 +341,7 @@
+ 				while(w2) {
+ 					tmp = word_string (w2);
+ 					if (tmp && tmp[0] != '\\')
+-						strcat(name,tmp);
++						strncat(name,tmp,sizeof(name)-strlen(name)-1);
+ 
+ 					w2=w2->next;
+ 				}
--- unrtf-0.19.3_1.patch ends here ---

>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-ports-bugs mailing list