Date: Thu, 6 Apr 2006 09:07:24 +0200 (CEST)
From: Petr Rehor <prehor@gmail.com>
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: jmz@FreeBSD.org
Subject: ports/95397: [patch] archivers/zoo buffer overflow fix
Message-ID: <200604060707.k3677OGG043131@charon.rx.cz>
Resent-Message-ID: <200604060710.k367AHtJ092232@freefall.freebsd.org>
>Number: 95397
>Category: ports
>Synopsis: [patch] archivers/zoo buffer overflow fix
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Thu Apr 06 07:10:12 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Petr Rehor
>Release: FreeBSD 6.0-RELEASE-c3 i386
>Organization:
>Environment:
System: FreeBSD charon.rx.cz 6.0-RELEASE-c3 FreeBSD 6.0-RELEASE-c3 #0: Tue Nov 8 20:44:39 UTC 2005 root@marvin.rx.cz:/usr/obj/usr/src/sys/GENERIC i386
>Description:
archivers/zoo contains exploitable buffer overflows. This update brings the patch from the original advisory to the FreeBSD port and bumps PORTREVISION. The port maintainer is Cc'ed.

References:
- http://www.guay-leroux.com/projects/zoo-advisory.txt
- http://www.freebsd.org/ports/portaudit/d9307a41-c4d7-11da-b2fb-000e0c2e438a.html
>How-To-Repeat:
>Fix:
--- zoo.diff begins here --- diff -urN /usr/ports/archivers/zoo/Makefile Makefile --- /usr/ports/archivers/zoo/Makefile Tue Nov 15 22:57:44 2005 +++ Makefile Thu Apr 6 08:47:30 2006 @@ -7,7 +7,7 @@ PORTNAME= zoo PORTVERSION= 2.10.1 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= archivers MASTER_SITES= ftp://ftp.kiarchive.ru/pub/unix/arcers/ DISTNAME= zoo-2.10pl1 diff -urN /usr/ports/archivers/zoo/files/patch-misc.c files/patch-misc.c --- /usr/ports/archivers/zoo/files/patch-misc.c Thu Jan 1 01:00:00 1970 +++ files/patch-misc.c Thu Apr 6 08:45:48 2006
@@ -0,0 +1,20 @@ +--- misc.c.orig Tue Jul 16 17:52:54 1991 ++++ misc.c Thu Apr 6 08:45:41 2006 +@@ -135,11 +135,16 @@ + char *fullpath (direntry) + struct direntry *direntry; + { +- static char result[PATHSIZE]; ++ static char result[PATHSIZE+PATHSIZE+12]; /* Room for enough space */ + combine (result, + direntry->dirlen != 0 ? direntry->dirname : "", + (direntry->namlen != 0) ? direntry->lfname : direntry->fname + ); ++ ++ if (strlen (result) >= PATHSIZE) { ++ prterror ('f', "Combined dirname and filename too long\n"); ++ } ++ + return (result); + } + --- zoo.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted:
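Review bot: in the misc.c hunk, the new `strlen (result) >= PATHSIZE` test in fullpath() runs only after combine() has already written into `result`, so it detects an over-long path but does not bound the write. The fix therefore relies on `PATHSIZE+PATHSIZE+12` being a true upper bound on what combine() can produce from `direntry->dirname` plus `direntry->lfname` or `direntry->fname`, and nothing in the visible lines establishes that those fields are each limited to PATHSIZE. Please replace the comment "Room for enough space" with one that states where the bound comes from, or pass the buffer size into combine() so the copy itself is limited. Also, after `prterror ('f', ...)` the function still falls through to `return (result)`. If the 'f' class does not terminate the program, callers that copy the result into PATHSIZE-sized buffers receive a string of PATHSIZE or more characters, so either note in a comment that the call does not return or exit explicitly after it.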