vid 87cc48fd-5fdd-11d8-80e3-0020ed76ef5a (mnogoSearch)

David A. Koran dak at
Wed Nov 10 16:22:07 GMT 2004

mnGoSearch buffer overflow in UdmDocToTextBuf()

I belive the issue raised in this portaudit report has been fixed is 
susequent versions (ref:

they've implemented bounds checking, but it wasn't listed in their 

Please bump the port up to the current version, let me know if this 
needs a port maintainer since 3.1 trees are no longer supported, and the 
last major upgrade was 9+ months ago.

----[ code from mnogosearch-3.2.24 ]----

int UdmDocToTextBuf(UDM_DOCUMENT * Doc,char *textbuf,size_t len){
        size_t  i;
        char    *end;


        udm_snprintf(textbuf, len, "<DOC");

                UDM_VAR *S=&Doc->Sections.Var[i];

                if(!S->name || !S->val ||!S->val[0])continue;
                if(!S->section &&
                   strcasecmp(S->name,"ID") &&
                   strcasecmp(S->name,"URL") &&
                   strcasecmp(S->name,"Status") &&
                   strcasecmp(S->name,"Content-Type") &&
                   strcasecmp(S->name,"Content-Length") &&
                   strcasecmp(S->name,"Content-Language") &&
                   strcasecmp(S->name,"Last-Modified") &&
                   strcasecmp(S->name,"Tag") &&

                udm_snprintf(end, len - (end - textbuf), "\t%s=\"%s\"", 
S->name, S->val);
                end = end + strlen(end);
        if (len - (end - textbuf) > 1) strcpy(end, ">");
        return UDM_OK;

More information about the freebsd-ports mailing list