Date:      Thu, 6 Apr 2006 09:07:24 +0200 (CEST)
From:      Petr Rehor <prehor@gmail.com>
To:        FreeBSD-gnats-submit@FreeBSD.org
Cc:        jmz@FreeBSD.org
Subject:   ports/95397: [patch] archivers/zoo buffer overflow fix
Message-ID:  <200604060707.k3677OGG043131@charon.rx.cz>
Resent-Message-ID: <200604060710.k367AHtJ092232@freefall.freebsd.org>


>Number:         95397
>Category:       ports
>Synopsis:       [patch] archivers/zoo buffer overflow fix
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Thu Apr 06 07:10:12 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Petr Rehor
>Release:        FreeBSD 6.0-RELEASE-c3 i386
>Organization:
>Environment:
System: FreeBSD charon.rx.cz 6.0-RELEASE-c3 FreeBSD 6.0-RELEASE-c3 #0: Tue Nov 8 20:44:39 UTC 2005 root@marvin.rx.cz:/usr/obj/usr/src/sys/GENERIC i386
>Description:
archivers/zoo contains exploitable buffer overflows. This update brings the patch
from the original advisory to the FreeBSD port and bumps PORTREVISION. The port
maintainer is Cc'ed.

References:
- http://www.guay-leroux.com/projects/zoo-advisory.txt
- http://www.freebsd.org/ports/portaudit/d9307a41-c4d7-11da-b2fb-000e0c2e438a.html

>How-To-Repeat:
>Fix:

--- zoo.diff begins here ---
diff -urN /usr/ports/archivers/zoo/Makefile Makefile
--- /usr/ports/archivers/zoo/Makefile	Tue Nov 15 22:57:44 2005
+++ Makefile	Thu Apr  6 08:47:30 2006
@@ -7,7 +7,7 @@
 
 PORTNAME=	zoo
 PORTVERSION=	2.10.1
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	archivers
 MASTER_SITES=	ftp://ftp.kiarchive.ru/pub/unix/arcers/
 DISTNAME=	zoo-2.10pl1
diff -urN /usr/ports/archivers/zoo/files/patch-misc.c files/patch-misc.c
--- /usr/ports/archivers/zoo/files/patch-misc.c	Thu Jan  1 01:00:00 1970
+++ files/patch-misc.c	Thu Apr  6 08:45:48 2006
@@ -0,0 +1,20 @@
+--- misc.c.orig	Tue Jul 16 17:52:54 1991
++++ misc.c	Thu Apr  6 08:45:41 2006
+@@ -135,11 +135,16 @@
+ char *fullpath (direntry)
+ struct direntry *direntry;
+ {
+-	static char result[PATHSIZE];
++	static char result[PATHSIZE+PATHSIZE+12]; /* Room for enough space */
+ 	combine (result,
+ 				direntry->dirlen != 0 ? direntry->dirname : "", 
+ 				(direntry->namlen != 0) ? direntry->lfname : direntry->fname
+ 			  );
++
++	if (strlen (result) >= PATHSIZE) {
++		prterror ('f', "Combined dirname and filename too long\n");
++	}
++
+ 	return (result);
+ }
+ 
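Review bot: In fullpath(), the `strlen (result) >= PATHSIZE` check runs after `combine (result, ...)` has already written into `result`, so it detects an over-long path but does not prevent the write. The only thing preventing the overflow is the new size `PATHSIZE+PATHSIZE+12`, and nothing in this hunk shows that direntry->dirname and direntry->lfname or direntry->fname are each bounded so that their combination fits. Consider checking the component lengths before calling combine, or at least replacing the comment "Room for enough space" with one that states the assumed maximum of each component and what the extra 12 bytes cover. The code also falls through to `return (result)` after `prterror ('f', ...)`, so it relies on that call not returning; a short comment saying so would help.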
--- zoo.diff ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:


