Date: Mon, 19 Apr 2004 11:27:52 +0200
From: Frank Ruell <stoerte@dreamwarrior.net>
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: seanc@FreeBSD.org
Subject: ports/65754: [patch] devel/tla - format string vulnerabillitys in included neon
Message-ID: <E1BFV4C-0000Lm-A9@dreamwarrior.foobar.ath.cx>
Resent-Message-ID: <200404190930.i3J9UKnb094097@freefall.freebsd.org>
>Number: 65754
>Category: ports
>Synopsis: [patch] devel/tla - format string vulnerabillitys in included neon
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Apr 19 02:30:20 PDT 2004
>Closed-Date:
>Last-Modified:
>Originator: Frank Ruell
>Release: FreeBSD 5.2.1-RELEASE-p4 i386
>Organization:
>Environment:
System: FreeBSD dreamwarrior.foobar.ath.cx 5.2.1-RELEASE-p4 FreeBSD 5.2.1-RELEASE-p4 #1: Mon Apr 12 03:13:36 CEST 2004 root@:/usr/obj/usr/src/sys/Dreamwarrior i386
>Description:
neon, which comes included in the gnu-arch source, has several format string vulnerabilities; see http://vuxml.freebsd.org/84237895-8f39-11d8-8b29-0020ed76ef5a.html
Fix from neon CVS. I mailed the port maintainer on Saturday 19:00 UTC.
>How-To-Repeat:
>Fix:
--- tla1.2-1.2-1.diff begins here --- diff -ruN tla.orig/Makefile tla/Makefile --- tla.orig/Makefile Mon Mar 1 23:20:03 2004 +++ tla/Makefile Sat Apr 17 20:50:46 2004 @@ -7,6 +7,7 @@ PORTNAME= tla PORTVERSION= 1.2 +PORTREVISION= 1 CATEGORIES= devel MASTER_SITES= ${MASTER_SITE_GNU} \ http://regexps.srparish.net/src/${PORTNAME}/ \ @@ -26,7 +27,7 @@ ORIGWRKSRC= ${WRKDIR}/${DISTNAME}/src WRKSRC= ${ORIGWRKSRC}/=build -pre-configure: +pre-patch: ${MKDIR} ${WRKSRC} do-configure: diff -ruN tla.orig/files/patch-libneon-ne_207.c tla/files/patch-libneon-ne_207.c --- tla.orig/files/patch-libneon-ne_207.c Thu Jan 1 01:00:00 1970 +++ tla/files/patch-libneon-ne_207.c Sat Apr 17 20:56:18 2004 
@@ -0,0 +1,17 @@ +--- ../tla/libneon.orig/ne_207.c Sat Dec 6 20:35:28 2003 ++++ ../tla/libneon/ne_207.c Sat Apr 17 20:25:46 2004 +@@ -320,12 +320,12 @@ + if (ne_get_status(req)->code == 207) { + if (!ne_xml_valid(p)) { + /* The parse was invalid */ +- ne_set_error(sess, ne_xml_get_error(p)); ++ ne_set_error(sess, "%s", ne_xml_get_error(p)); + ret = NE_ERROR; + } else if (ctx.is_error) { + /* If we've actually got any error information + * from the 207, then set that as the error */ +- ne_set_error(sess, ctx.buf->data); ++ ne_set_error(sess, "%s", ctx.buf->data); + ret = NE_ERROR; + } + } else if (ne_get_status(req)->klass != 2) { diff -ruN tla.orig/files/patch-libneon-ne_auth.c tla/files/patch-libneon-ne_auth.c --- tla.orig/files/patch-libneon-ne_auth.c Thu Jan 1 01:00:00 1970 +++ tla/files/patch-libneon-ne_auth.c Sat Apr 17 20:50:46 2004 @@ -0,0 +1,11 @@ +--- ../tla/libneon.orig/ne_auth.c Sat Dec 6 20:35:28 2003 ++++ ../tla/libneon/ne_auth.c Sat Apr 17 20:11:55 2004 +@@ -950,7 +950,7 @@ + if (areq->auth_info_hdr != NULL && + verify_response(areq, sess, areq->auth_info_hdr)) { + NE_DEBUG(NE_DBG_HTTPAUTH, "Response authentication invalid.\n"); +- ne_set_error(sess->sess, _(sess->spec->fail_msg)); ++ ne_set_error(sess->sess, "%s", _(sess->spec->fail_msg)); + ret = NE_ERROR; + } else if (status->code == sess->spec->status_code && + areq->auth_hdr != NULL) { diff -ruN tla.orig/files/patch-libneon-ne_locks.c tla/files/patch-libneon-ne_locks.c --- tla.orig/files/patch-libneon-ne_locks.c Thu Jan 1 01:00:00 1970 +++ tla/files/patch-libneon-ne_locks.c Sat Apr 17 20:50:46 2004 
@@ -0,0 +1,20 @@ +--- ../tla/libneon.orig/ne_locks.c Sat Dec 6 20:35:28 2003 ++++ ../tla/libneon/ne_locks.c Sat Apr 17 20:11:55 2004 +@@ -734,7 +734,7 @@ + } + else if (parse_failed) { + ret = NE_ERROR; +- ne_set_error(sess, ne_xml_get_error(parser)); ++ ne_set_error(sess, "%s", ne_xml_get_error(parser)); + } + else if (ne_get_status(req)->code == 207) { + ret = NE_ERROR; +@@ -802,7 +802,7 @@ + if (ret == NE_OK && ne_get_status(req)->klass == 2) { + if (parse_failed) { + ret = NE_ERROR; +- ne_set_error(sess, ne_xml_get_error(parser)); ++ ne_set_error(sess, "%s", ne_xml_get_error(parser)); + } + else if (ne_get_status(req)->code == 207) { + ret = NE_ERROR; diff -ruN tla.orig/files/patch-libneon-ne_props.c tla/files/patch-libneon-ne_props.c --- tla.orig/files/patch-libneon-ne_props.c Thu Jan 1 01:00:00 1970 +++ tla/files/patch-libneon-ne_props.c Sat Apr 17 20:50:46 2004 @@ -0,0 +1,11 @@ +--- ../tla/libneon.orig/ne_props.c Sat Dec 6 20:35:28 2003 ++++ ../tla/libneon/ne_props.c Sat Apr 17 20:11:55 2004 +@@ -142,7 +142,7 @@ + if (ret == NE_OK && ne_get_status(req)->klass != 2) { + ret = NE_ERROR; + } else if (!ne_xml_valid(handler->parser)) { +- ne_set_error(handler->sess, ne_xml_get_error(handler->parser)); ++ ne_set_error(handler->sess, "%s", ne_xml_get_error(handler->parser)); + ret = NE_ERROR; + } + diff -ruN tla.orig/files/patch-libneon-ne_xml.c tla/files/patch-libneon-ne_xml.c --- tla.orig/files/patch-libneon-ne_xml.c Thu Jan 1 01:00:00 1970 +++ tla/files/patch-libneon-ne_xml.c Sat Apr 17 20:50:46 2004 @@ -0,0 +1,11 @@ +--- ../tla/libneon.orig/ne_xml.c Sat Dec 6 20:35:29 2003 ++++ ../tla/libneon/ne_xml.c Sat Apr 17 20:11:55 2004 +@@ -538,7 +538,7 @@ + + void ne_xml_set_error(ne_xml_parser *p, const char *msg) + { +- ne_snprintf(p->error, ERR_SIZE, msg); ++ ne_snprintf(p->error, ERR_SIZE, "%s", msg); + } + + #ifdef HAVE_LIBXML --- tla1.2-1.2-1.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted:
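Review bot: the rename of `pre-configure:` to `pre-patch:` in the second Makefile hunk carries no comment, and the reason for it is not obvious from the Makefile alone. The new files under files/ use paths such as `../tla/libneon/ne_207.c`, which appear to be relative to `${WRKSRC}` (`${ORIGWRKSRC}/=build`), so `${MKDIR} ${WRKSRC}` has to run before the patch stage for them to apply. A one-line comment above `pre-patch:` saying so would keep a later cleanup from moving the target back.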
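Review bot: the `ne_set_error(sess, "%s", ...)` changes in ne_207.c, ne_locks.c and ne_props.c fix each call site by hand, and nothing visible in the patch shows that these are all the affected calls or keeps the mistake from returning. The arguments are `ne_xml_get_error(...)` and `ctx.buf->data`, error text assembled while handling the response, so any remaining call that passes a non-literal string as the format deserves the same treatment. Suggest checking every `ne_set_error(` and `ne_snprintf(` call in the bundled libneon for a non-literal format argument, and building with `-Wformat-security`, before closing the PR.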
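Review bot: `ne_xml_set_error()` in the ne_xml.c hunk takes `const char *msg` with nothing to say whether it is a plain string or a format, which is the ambiguity behind the old `ne_snprintf(p->error, ERR_SIZE, msg)`. The change to `"%s", msg` settles it as a plain string; a short comment on the function stating that msg is copied verbatim and truncated to ERR_SIZE would document that contract for callers.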